Re: Q: ORACLE Logon Account

From: Jgreene <jgreene_at_aol.com>
Date: 8 Jul 1994 17:52:02 -0400
Message-ID: <2vkhq2$63g_at_search01.news.aol.com>

In article <1994Jul8.071111.21234_at_ericsson.se>, ebcrbj_at_ebcw150.ericsson.se (Roger Bjaerevall) writes:

> Question: It seams impossible to have one account per user (to ensure the sequrity)
> if there are business specific rules & management in an
application that
> process the information WIHTOUT using PL/SQL!?

Try the solution we came up with. Build a routine to scramble the password in some non-obvious manner (some encryption algorith). Give this same routine to the DBA on a screen that allows him/her to create new user IDs. Therefore, when a user uses the application and has all of the privileges and roles of the account, they need to go through your application software since they do not know their true password (only the unscrambled one). If they try to use that password through a client server or host based application (such as Q+E or SQL*Plus) they will enter the unscrambled password and be rejected. The user would have great difficulty hacking the scrambling algorithm since the true password is stored in Oracle tables. Received on Fri Jul 08 1994 - 23:52:02 CEST

This message: [ Message body ]
Next message: Richard Spitz: "How to handle error ORA-01405?"
Previous message: Jack Carter: "Re: Q: ORACLE Logon Account"
In reply to Roger Bjaerevall: "Q: ORACLE Logon Account"
Next in thread: Sandor Nieuwenhuijs: "Re: Q: ORACLE Logon Account"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message