Re: role passwords, security etc

sxdjd_at_orca.alaska.edu (David J. DeWolfe) wrote:
>Greetings all;
>
>Some time ago (probably a year or more), someone posted here regarding
>a scenario by which a password for a role was half embedded in application
>code, and the other half in the database somewhere. This way the
>application could enable the role, yet the password would not be quite as
>easily accessable/viewable. Someone else replied that they thought someone had
>presented a paper on this subject at a previous IOUG-A. We're getting around
>to re-visiting this issue, and I'm looking for any info/help/advice regarding
>having an application enable a password protected role. In general, I'd
>appreciate any thoughts on this subject, and/or alternate ways of
>accomplishing the same task, ie, a user only gains table access
>through an application, and therefore, lacks said access when executing
>sql*plus etc etc. Specifics are:
>
> Digital Unix 3.2C (formerly Digital OSF/1)
> Oracle 7.1.4.1.1 with Procedural and distributed options
> sql*net 2.1.4
>
>Thanks in advance
>
>David DeWolfe
>Data Base Specialist
>Statewide Office of Information Services
>University of Alaska
><sxdjd_at_orca.alaska.edu>
>

David,

The IOUW presentation to which you refer was at the 1994 IOUW. It was presented by Larry S. Dare of Weyerhauser and was titled "Security in a Client/Server Environment." If you can find the 1994 IOUW Proceedings, it is in Volume 2, Paper #124.

HTH

-- 
Mike Morgan
Technology Integration Services - Unix DBA

email: mike.morgan_at_teldta.com

TDS Computing Services
301 S. Westfield Road
Madison, WI 53705  USA
(608)845-4661

"Murphy's Law of computing:  Anything that can go wrSegmentation 
fault(coredump)"
*******************************************************