In article <3D21CEF4.11A4E6E9_at_exesolutions.com>, Daniel says...
>
>Chris Forbis wrote:
>
>> I need to store a users password in a format that can be used by my
>> application without login a user in (I have an user that will have
>> access only to the PW table)
>>
>> I have a table like this
>> USER_ID : OracleUserID
>> PW_ENCODED : MD5 encoded password
>>
>> I would like this MD5 encoded password to always be valid for a user.
>> I need to be able to update it when a user alters there password.
>> Ideas?
>>
>> Is there a on alter password trigger?
>>
>> Or better yet how does Oracle valid a user against a password, that
>> would be a better place to get my job done.
>>
>> Thanks!
>
>I'm with Niall on this one. I think you are attempting to reinvent the
>wheel and doing so in a very inefficient manner that likely will violate
>any security directives.
>
>Please state the problem you are trying to solve and let us suggest how
>to do it in Oracle.
>
>Daniel Morgan
>
I suggest using the proxy authentication feature (previously called N-tier) to
do what you want. It allows the application to pass the username and password to
the database for authentication. Each user would be a separate database user.
While I understand the desire for performance you stated in another post, it's
not worth the security of database to reduce the time needed for connections.
Rick
Rick Wessman
Oracle Corporation
The opinions expressed above are mine and do not necessarily reflect
those of Oracle Corporation.
Received on Fri Jul 05 2002 - 11:26:56 CDT
