Re: How to avoid hard-coded password inside Pro-C programs
From: Chris <christophera_at_worldnet.att.net>
Date: 15 Jan 1999 00:08:15 GMT
Message-ID: <369E86A3.15_at_worldnet.att.net>
Pedro Tavares wrote:
>
> I would like to receive suggestions on how to avoid the need to hard code
> the password inside programs. Is there a better way to do this? Every time
> that I want to change the password, I have to edit all the sources, change
> it and recompile everything again.
> Thanks
>
> Pedro Tavares
> Lisbon, Portugal
My solution:
- Allow clients to log in with OS authentication (basically, just a userid on the client that exists in the database, like doing a "sqlplus /"). The user can log in, but has no roles. After the login, run a procedure on the client that gets the role passwords from someplace (in my case, I am in a Sun NIS+ environment and I get them from an encrypted NIS+ table), decrypt them, and then do "set role foo identified by pass" for each one the user is supposed to have. Their login will then come to life with the permissions they need, but they can't do anything outside of this method.
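
The scheme described in the reply above, sketched as Oracle SQL. This is an added example, not part of the original post; the user ops$pedro, the table app_owner.orders and the role password are constructed placeholders, and the role name foo is the one used in the post.

```sql
-- Added example: user, table and password below are constructed placeholders.

-- ---- One-time setup, run by a DBA ----------------------------------------

-- Account authenticated by the operating system. With the default
-- OS_AUTHENT_PREFIX of OPS$, the OS user "pedro" connects with "sqlplus /"
-- and no database password exists to hard-code.
CREATE USER ops$pedro IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO ops$pedro;

-- Application privileges are granted to a password-protected role,
-- never directly to the user.
CREATE ROLE foo IDENTIFIED BY "role_password_placeholder";
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO foo;

-- The user holds the role, but it is not among the default roles,
-- so a fresh login has no application privileges.
GRANT foo TO ops$pedro;
ALTER USER ops$pedro DEFAULT ROLE NONE;

-- ---- At run time, in the client session after connecting as "/" ---------

-- List the roles currently enabled in this session.
SELECT role FROM session_roles;

-- The client fetches the role password from its external store and
-- enables the role for this session only.
SET ROLE foo IDENTIFIED BY "role_password_placeholder";

-- List the enabled roles again to confirm the role is active.
SELECT role FROM session_roles;
```

In the client, the password given to SET ROLE is read from the external store at run time (the encrypted NIS+ table in the post), so rotating it takes one ALTER ROLE ... IDENTIFIED BY and one update to that store, with no source edit or recompile.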