Re: username and password storage

From: Mohamad SALEH <msaleh_at_orsys.fr>
Date: Thu, 04 Apr 2002 14:04:11 +0200
Message-ID: <3CAC413B.5040204@orsys.fr>


Nathan Hodgen wrote:

>I WAS in a Windows environment. But, if I were in a windows
>environment, how would windows authentication be any more safe than
>controlling who has administrative privileges? Also, if someone has
>administrative privileges, can they not cause all kinds of trouble
>beyond the scope of a specific application using windows
>authentication?
>
>However, I am currently in a Unix environment. The client in some
>cases is WebLogic, some cases iPlanet, and some cases a COM object.
>What is the standard accepted place/method to store passwords in the
>client application server to log into Oracle? I have right now three
>options: hardcode, code library, registry/file.
>
>Should I be employing the operating system (Sun) in this?
>
>Lastly, this is not a medical system, and therefore does not have to
>meet HIPAA standards, however, I don't see any reason why it should
>not.
>
>THANKS!
>
>Nathan
>
>
>Rick Wessman <Rick.WessmanNO_SPAM_at_oracle.com> wrote in message news:<a8f1kr0i5k_at_drn.newsguy.com>...
>
>>Hi, Nathan:
>>
>>Since you are in a Windows environment, I *strongly* suggest using Windows
>>authentication. It allows users to connect without having to specify a password.
>>
>>Generally, hard coding user credentials is extremely insecure. Storing them in
>>the registry will expose them to anyone with administrator privilege.
>>
>> Rick
>>
>>In article <8e9777d1.0204030528.3b0380c7_at_posting.google.com>,
>>nathan_hodgen_at_yahoo.com says...
>>
>>>Thanks Daniel,
>>>
>>>I am sorry. When I said client, I did not mean an Oracle client. I
>>>meant any general client like a COM object or an ADO connection.
>>>
>>>The users I have supported in the past have either hardcoded the login
>>>credentials in their code or stored them in the registry (speaking of
>>>a windows environment). Is there a better way to do this?
>>>
>>>Thanks again,
>>>Nathan
>>>
>>>damorgan <damorgan_at_exesolutions.com> wrote in message
>>>news:<3CA9D663.45F5BDE2_at_exesolutions.com>...
>>>
>>>>Typically in an Oracle application one never stores them.
>>>>
>>>>Which part of the Oracle security model doesn't work for you?
>>>>
>>>>Daniel Morgan
>>>>
>>>>
>>>>
>>>>Nathan Hodgen wrote:
>>>>
>>>>>What is the standard place, if there is one, for storing username and
>>>>>password for an Oracle account in a client? Traditionally (in a
>>>>>windows 2k environment), I have stored the connect string encrypted in
>>>>>the registry.
>>>>>
>>>>>THANKS,
>>>>>Nathan
>>>>>
>> Rick Wessman
>> Oracle Corporation
>>
>> The opinions expressed above are mine and do not necessarily reflect
>> those of Oracle Corporation.
>>

What about using the Oracle Advanced Security Option, which permits centralizing the information in an LDAP directory?

Received on Thu Apr 04 2002 - 06:04:11 CST
