Re: Password alternatives

Richard wrote:
>
> I recently inherited a database with several hundred user accounts, each
> with a separate password. Each account needs to be accessed frequently by a
> number of operators in order to manage the database application. Security
> policies preclude the recording of passwords in an easily accessible format
> (e.g. writing them down). The passwords are changed regularly - sometimes by
> users who forget to tell anybody what the new password is!
>
> Chaos reigns supreme!
>
> There must be a better way to authenticate users. Does anybody have any
> opinions or suggestions? Hardware solutions, like biometric devices or smart
> card readers, are not an option due to cost.
>
> I wondered whether the use of SecurID cards might provide a solution. I've
> used SecurID to authenticate dialup users but never to authenticate Oracle
> users. I'd be interested to hear from anybody who has used SecureID with
> Oracle 8/9. Does it work well? Can a single card be used to access
> multiple Oracle accounts?
>
> Thanks,
>
> Richard

Oracle has a v3 compliant LDAP mechanism called OiD. Great for storing passwords, certificates, etc. Depending on your environment, you might want to look at Oracle's Single Sign On as well.

I'd also suggest a visit to Oracle's HQ to discuss security in general. I've found that a decent 1-2 hour session with people like Mary Anne Davidson will generally give more guidelines than a month of reading.

Also suggest you look very closely at http://www.petefinnigan.com/ for some serious Oracle-related security advice & white papers.

/Hans Received on Tue Dec 23 2003 - 20:11:01 CST