Re: Help: database security
I don't understand why you reject *all* my suggestions. Using an ops$ account would allow you to use 'connect / ' in the Pro*C program. As literals are usually stored legibly in the executable and you state the user connecting is 'very privileged' (which is of course definitely a bad idea), using the ops$ mechanism (aka OS authentication) doesn't expose a username and a password anymore.
Regards,
Sybrand Bakker, Oracle DBA
"Wilko" <Wilko_at_yoa.com> wrote in message
news:8vl4k0$hh316_at_inetbws1.citec.com.au...
> Thanks for this help but it doesn't solve
> my problem.
>
> I have an HTML page that calls an API which is
> written in Pro C. The Pro C code contains
> the connect statement which includes the username
> and password.
>
> No one from the outside can see this information.
> My problem is I want to stop programmers
> knowing a username and password to the database.
>
> The user that is connecting in the Pro C needs a
> fair level of privs. So therefore a programmer can
> look at the Pro C code and use the username and
> password of the very privileged user.
>
> Is there a way around this?
>
> Thanks,
> Chris
>
> In article <8vj0jd$90h$1_at_nnrp1.deja.com>, sybrandb_at_my-deja.com wrote:
> >In article <8vi893$hh315_at_inetbws1.citec.com.au>,
> > Wilko_at_yoa.com (Wilko) wrote:
> >> Hi All,
> >>
> >> I want to stop programmers being able to log into
> >> the production database and making changes.
> >>
> >> How can I keep the login/password secret when
> >> it is hard coded into the API that connects to the
> >> database?
> >>
> >> I know, don't hard code it. But what is the alternative?
> >>
> >> Thanks,
> >> Chris
> >>
> >
> >1 force the users to enter a username and a password
> >2 use a fixed Oracle user and develop your own login mechanism (see
> >http://osi.oracle.com/~tkyte)
> >3 use ops$ accounts
> >4 put passwords on the roles in use. I have a feeling though in this
> >case they would again hardcode it in the app
> >
> >Hth,
> >
Received on Sun Nov 26 2000 - 09:08:38 CST
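
The ops$ (OS authentication) setup suggested in the reply above, as an added example that is not part of the original thread. The OS account webapi, the role api_role and the table app.orders are hypothetical names chosen for illustration.

```sql
-- Constructed example; webapi, api_role and app.orders are hypothetical names.

-- 1. Check how OS-authenticated accounts are named, and that the database
--    does not trust an OS user name asserted by a remote client.
--    Wanted for this setup: os_authent_prefix = OPS$, remote_os_authent = FALSE
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Create the database account that maps to the OS account "webapi".
--    It has no database password, so there is nothing to embed in the binary.
CREATE USER ops$webapi IDENTIFIED EXTERNALLY;

-- 3. Grant only what the API needs, through a role, instead of connecting
--    as a broadly privileged account.
CREATE ROLE api_role;
GRANT CREATE SESSION TO api_role;
GRANT SELECT, INSERT, UPDATE ON app.orders TO api_role;
GRANT api_role TO ops$webapi;

-- 4. The Pro*C program, running as OS user "webapi", then connects with
--      char *oid = "/";
--      EXEC SQL CONNECT :oid;
--    Access to the database account now equals access to the OS account,
--    so programmers must not be able to log in or run code as "webapi"
--    on the production host.
```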