Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password

Re: Adding some random characters to Oracle password

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Thu, 28 Oct 2004 08:32:46 +0100
Message-ID: <z9CwVACeCKgBRxy1@peterfinnigan.demon.co.uk> 





>Just out of interest, and ignoring for the moment that it is roles that are

>granted to a user and not the other way around: how do you propose this

>should work? You mean the application grants roles on log on? And then

>presumably it revokes roles on log-off? And if the user crashes out and

>doesn't log off cleanly??



Hi Howard,



I think he is talking about "enabling" roles not granting them. You can
also use secure application roles so that the enabling function can
determine that it is being called from a user connected via the
application server (or in this case the server the application is
running on). The function can also check usernames and application set
values to determine which roles to enable. 



kind regards



Pete

-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Thu Oct 28 2004 - 02:32:46 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US