Re: embedded passwords

From: Kentucky Dan <danielrlevy_at_ameritech.net>
Date: Wed, 14 Mar 2001 04:57:01 -0600
Message-ID: <P8Ir6.438$Wf6.30335_at_nntp0.chicago.il.ameritech.net>


The application should be modified to prompt the user for the ID and password if run interactive. If run in batch mode, devise some way of putting the ID and password into a file that is protected from the world, and pass the name of the file as a parameter to the application. The file's contents will have to be changed every time the user changes their password in Oracle but that's life.

"Soljer" <soldier_at_bigfoot.com> wrote in message news:tWvr6.3147$GD.1832876_at_typhoon.snet.net...
> Hello,
>
> We are looking to reduce internal credit card fraud in our company by
> setting up user security in Oracle so that everyone has their own unique
 ID
> and password and so that passwords expire every 90 days.
>
> The problem: We have many applications that were created in-house that
> contain embedded ID's and passwords so I was told we can't change ID's and
> passwords in Oracle. My questions are:
>
> - What are other people doing out there in a case like this? Is there any
> way to take the embedded ID's and passwords out of the applications and
> still have them function correctly?
> - Or can we leave an ID embedded in an application without embedding the
> password so the user using the app will be prompted for a password each
 time
> they use the app? This way we could set expiring passwords, lockout
 settings
> etc.
>
> I'm a newbie with Oracle - any info appreciated!
>
> Thanks
>
>
Received on Wed Mar 14 2001 - 11:57:01 CET

Original text of this message