Re: Application with only one Oracle user

From: <apitt_at_myportal.cx>
Date: 7 May 2002 19:10:44 GMT
Message-ID: <ab98rk$mm5$1@news.netmar.com>

In article <f18358b2.0203241309.1c832c2b_at_posting.google.com>, Fleury Marcel <marcel.fleury_at_bluewin.ch> writes:
>Hello, a company have to install an application using an Oracle 8i DB.
>This application uses a generic Oracle user. All users are declared
>and managed into the application.
>The Oracle user is declared into a .ini file and it is in clear text.
>The only protection comes from the OS (solaris).
>As they are sensitive data what can I do to secure this configuration
>?
>
>Thank you

Marcel,

One thing that you can do is to encrypt the username and password in the ini file and have the application read and decrypt these credentials when needed. The level of encrytion does not need to be very high - 64-bit encryption should be good enough for your purposes. There are encrytion algorithms and all sorts of sample code floating around the internet, if you need some.

Posted via NewsOne.Net: Free (anonymous) Usenet News via the Web ----- http://newsone.net/ -- Free reading and anonymous posting to 60,000+ groups NewsOne.Net prohibits users from posting spam. If this or other posts made through NewsOne.Net violate posting guidelines, email abuse_at_newsone.net

Received on Tue May 07 2002 - 14:10:44 CDT

Re: Application with only one Oracle user - what about security ?