Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: Client's access to Oracle's passwords

Re: Client's access to Oracle's passwords

From: Malcolm Dew-Jones <yf110_at_vtn1.victoria.tc.ca>
Date: 1 Nov 2000 16:02:41 -0800
Message-ID: <3a00af21@news.victoria.tc.ca> 






David Fitzjarrell (oratune_at_aol.com) wrote:


: In our last gripping episode yf110_at_vtn1.victoria.tc.ca (Malcolm Dew-

: Jones) wrote:

: > Roger Crowley (villagefox_at_my-deja.com) wrote:

: > (..snip...)

: > : catch it in cleartext on the server side. Of course, there are often

: > : lots of passwords in cleartext in the view, all_db_links (if you

 have


: > : encoded a login userid/password in the link). I don't know about

: >

: > you should put links into USER_DB_LINKS for each user that needs

 them.


: >

: > Only the user can see the contents of the user_db_links table (the DBA

: > cannot see the contents of each user_db_link).

: >

 


: Interesting... so if I have 300 users, who all need access to the same

: remote system, I should go through, as each user, and create a private

: database link to the remote system so that no one but that user could

: see the password?




If the users can use public links without exposing their passwords then of
course you wouldn't set each user up as a special case.



I really just meant to point out that if password _are_ required (they
certainly are in the situations I've worked with) then the user should be
given the ability to define their own link so that the DBA is not involved
and cannot see the passwords. 



As for 300 users, _every_ time they use the system they have to enter a
password (no?).  How onerous can it be to expect them to also enter any
remote passwords they need the _first_ time they use an application. (I
assume the application then saves the connect data in the USER_db_link
table).  Even if they are working interactively, a small front end script
would allow them to easily maintain there own remote account details for
able links. 




: One can always create a public database link, without specifying a

: user/password, to connect to the remote system presuming, of course,

: that the user account creating the link exists on the remote system:

 


: create public database link <>

: using '...';

 


: This eliminates any cleartext passwords in the user_db_links table.

 


: --

: David Fitzjarrell

: Oracle Certified DBA





: Sent via Deja.com http://www.deja.com/

: Before you buy.



--


Received on Wed Nov 01 2000 - 18:02:41 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US