Oracle FAQ Your Portal to the Oracle Knowledge Grid
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: embedded passwords

Re: embedded passwords

From: Daniel A. Morgan <dmorgan_at_exesolutions.com>
Date: Tue, 13 Mar 2001 22:19:05 -0800
Message-ID: <3AAF0D59.148C3E68@exesolutions.com>

> We are looking to reduce internal credit card fraud in our company by
> setting up user security in Oracle so that everyone has their own unique ID
> and password and so that passwords expire every 90 days.
>
> The problem: We have many applications that were created in-house that
> contain embedded IDs and passwords so I was told we can't change IDs and
> passwords in Oracle. My questions are:
>
> - What are other people doing out there in a case like this? Is there any
> way to take the embedded IDs and passwords out of the applications and
> still have them function correctly?
> - Or can we leave an ID embedded in an application without embedding the
> password so the user using the app will be prompted for a password each time
> they use the app? This way we could set expiring passwords, lockout settings
> etc.

Embedded IDs are antithetical to database security. It is hard to have both at the same time. But the easy answer is to create PROFILES for different classes of users. For example, you might have:

  1. System Administrators
  2. Embedded Applications
  3. Web Users
  4. ODBC Users
  5. Everyone else

Create a role for each with different system privileges. Then to each role assign a profile. The profile for the embedded applications might have passwords that never expire whereas the other profiles expire passwords. This method would also allow you to modify an entire class of users with a single change to their common profile.

Daniel A. Morgan

Received on Wed Mar 14 2001 - 00:19:05 CST
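The per-class setup described in the reply above, sketched in Oracle SQL as an added example that is not part of the original post. All profile, role and account names (`interactive_user_profile`, `embedded_app_profile`, `jsmith`, `order_app`) are hypothetical and the accounts are assumed to exist already; Oracle attaches a profile to a user account with `ALTER USER ... PROFILE`, so the example assigns each class's profile per account alongside its role.

```sql
-- Added example; every profile, role and account name here is hypothetical.

-- Interactive users: 90-day expiry and lockout, as the question asks for.
CREATE PROFILE interactive_user_profile LIMIT
  PASSWORD_LIFE_TIME    90     -- days until the password expires
  PASSWORD_GRACE_TIME   7      -- days after expiry in which login still works, with a warning
  FAILED_LOGIN_ATTEMPTS 5      -- consecutive failures before the account locks
  PASSWORD_LOCK_TIME    1;     -- days the account stays locked

-- Embedded applications: no expiry, so the stored password keeps working,
-- but failed-login lockout still applies.
CREATE PROFILE embedded_app_profile LIMIT
  PASSWORD_LIFE_TIME    UNLIMITED
  FAILED_LOGIN_ATTEMPTS 10
  PASSWORD_LOCK_TIME    1/24;  -- one hour, expressed as a fraction of a day

-- One role per class carries that class's system privileges.
CREATE ROLE interactive_user_role;
CREATE ROLE embedded_app_role;
GRANT CREATE SESSION TO interactive_user_role;
GRANT CREATE SESSION TO embedded_app_role;

-- Place each existing account in its class: role for privileges,
-- profile for password policy.
GRANT interactive_user_role TO jsmith;
ALTER USER jsmith PROFILE interactive_user_profile;

GRANT embedded_app_role TO order_app;
ALTER USER order_app PROFILE embedded_app_profile;

-- A single change to the shared profile applies to the whole class.
ALTER PROFILE interactive_user_profile LIMIT PASSWORD_LIFE_TIME 60;

-- Check: password limits in force for each profile.
SELECT profile, resource_name, limit
  FROM dba_profiles
 WHERE resource_type = 'PASSWORD'
   AND profile IN ('INTERACTIVE_USER_PROFILE', 'EMBEDDED_APP_PROFILE')
 ORDER BY profile, resource_name;

-- Check: which accounts sit in which class, and when each password expires.
SELECT username, profile, account_status, expiry_date
  FROM dba_users
 WHERE profile IN ('INTERACTIVE_USER_PROFILE', 'EMBEDDED_APP_PROFILE')
 ORDER BY profile, username;
```

The last query doubles as an inventory of accounts exempt from expiry: anything listed under `EMBEDDED_APP_PROFILE` has a password that never rotates on its own.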
