Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle security question
Max7 wrote:
> Hi everyone,
>
> I have an application (not customised) that accesses data from Oracle 8i
> database. Some background, database resides on Sun Unix and application
> resides on Windows 2000. Users authenticates through win2k.
>
> To connect from app to database, I have created a connection string that
> calls the database schema. However that connection string is in clear text,
> and it contains schema ID and password.
>
> I wish to secure this connection. May I know how do that? To encrypt this
> file or use Net8 or any suggestions?
>
>
>>Max
>
A couple of points.
You must use Net8 (if you're on Oracle8i) - it's not an option - if you want to connect to your database.
Does your application have a UI? If so, you'd be much better off asking the user to supply a username/password. If there is no UI, then you pretty much have to send the connect string in clear text (and hope no one puts a sniffer on the line).
If anyone knows otherwise, I'd certainly be interested since our WebLogic connection pool sends clear text (well, sorta). Received on Wed Nov 13 2002 - 11:03:13 CST