Re: OS authentication question
Date: Wed, 16 Jan 2008 14:32:44 -0800 (PST)
On Jan 17, 8:23 am, GS <G..._at_GS.com> wrote:
> We've not used OS authentication here for any databases yet, so this is
> relatively new to me. To make our SOX compliance easier we are thinking
> about going to OS authentication for a lot of our app's that run on
> Oracle databases, since our network passwords are now very stringent and
> the beancounters are saying the database passwords need to meet the same
> criteria, but if the users connect with the complex OS password then we
> are ok.
You'll create a lot of security holes this way. You can close some of them by only allowing access via an app server like Citrix, and authenticating the users there. Networking rules can allow connections from just the app server(s) and whatever other PCs need access. However, this may not meet your minimum standards for security and it'll probably cost you in administration issues down the track.