Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: ODBC and password

Re: ODBC and password

From: Alan Shein <alanshein_at_erols.com>
Date: Thu, 21 Oct 1999 09:53:43 -0400
Message-ID: <7un5r7$s5k$1@autumn.news.rcn.net> 





You can make the user id  and password part of the ODBC data source by using
the ODBC applet in control panel, but you still have the same "hard coded"
problem as well as a major security issue, as anyone can look at it.



One way to handle the problem is to create your own security table that
contains the user_id and password that allows use of your application. You
then have only one Oracle ID and password that is known only to your
application (hard code it in). No one besides you and the DBA would know
this ID and password. In other words, it works like this:



    
  
  1.   User starts your application
  
  2.   Your application logs into Oracle using its "secret" id and password
  
  3.   Your application prompts user for his ID and password
  
  4.   Your application checks the security table for id and password
  
  5.   if okay, proceed...






Make sure that the "secret" id has only select rights to the security table.


Received on Thu Oct 21 1999 - 08:53:43 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US