Re: Security Question-Reposted

Hi Anurag,
  As you can see, there are a lot of different ways to accomplish this security implementation. Another one is to make your application do some kind of password encryption, that is, the password the users are aware of are not the same used to logon to Oracle. One to bypass your front-end application would have to know the encryption algorithm and encryption key, encrypt his/her password and use the encrypted version to login.
  This can provide some extra security from passwords hacking, and force the users to login thru your application solely. And to start thinking of bypassing it, one would have to get access to the front-end source code and work hard on it. By the way, don't leave the encryption key inside the source code I mentioned. Apply it every time you install the application on someone's machine (for extra safety).   I hope this can help you, and pardon my English.

       Alan Rezende, Brazil

> Anurag Minocha wrote:
> >
> > Anurag Minocha wrote:
> >
> > > Hi,
> > > We have a application created in Java which connects to Oracle
8.0.5
> > > through jdbc-odbc bridge.
> > > The application always connects to the same user/schema eg: r2 .
I want
> > > that users should not be able to connect to r2 schema in any way
other
> > > than our application even though they know the password. i.e I
want to
> > > prevent access from sql*plus, crystal reports, etc etc.
> > > I know about product user profile table but thats only for
sql*plus.
> > >
> > > Please suggest some way to implement the security.
> > >
> > > Thanks
> > > Anurag
> > >
> > > also reply at
> > > anurag_at_synergy-infotech.com
>

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Fri Dec 03 1999 - 21:04:59 CST