| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Passwords in Roles
If your application give acces to table and SP with roles , this give
you one level of security , because users cannot acces your data if the
role is not a default role and if the role is not set. You can
Second level, is the password of the role. This is like a user password. If you dont know it, you cannot use the role , and therefore, have acces to your data or SP etc.
So if a oracle database users try to acces your data from another application, like SQLplus, they have to connect, they have to know the role name, and they have to know the passord of this role.
In your case, i presume that the 'set role x identified by y' is harcoded in yours apps.
Michael42 wrote:
> Hello,
>
> I have recently become responsible for an Oracle 9i database where a
> set of applications that were written for it extensively use passwords
> in Oracle Roles. The developer who architected these apps has since
> retired so I cannot ask him why he did this. It is causing a great
> hindrance as I prep this database from 10g (exp\imp etc.).
>
> Are there any sound reasons to store passwords in Oracle Roles in
> modern Oracle databases, what are your thoughts on this practice?
>
>
> Thanks for your feedback,
>
> Michael42
Received on Fri Jan 19 2007 - 05:56:59 CST
 |
 |