Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Help: database security

Re: Help: database security

From: <sybrandb_at_my-deja.com>
Date: Thu, 23 Nov 2000 11:55:26 GMT
Message-ID: <8vj0jd$90h$1@nnrp1.deja.com> 






In article <8vi893$hh315_at_inetbws1.citec.com.au>,
  Wilko_at_yoa.com (Wilko) wrote:


> Hi All,

>

> I want to stop programmers being able to log into

> the production database and making changes.

>

> How can I keep the login/password secret when

> it is hard coded into the API that connects to the

> database.

>

> I know don't hard code it. But what is the alternative?

>

> Thanks,

> Chris

>




1 force the users to enter a username and a password
2 use a fixed Oracle user and develop your own login mechanism (see
http://osi.oracle.com/~tkyte)


3 use ops$ accounts


4 put passwords on the roles in use. I have a feeling though in this
case they would again hardcode it in the app



Hth,


--
Sybrand Bakker, Oracle DBA

All standard disclaimers apply
------------------------------------------------------------------------


Sent via Deja.com http://www.deja.com/
Before you buy.


Received on Thu Nov 23 2000 - 05:55:26 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US