VB4 and passwords on Oracle 7 roles

From: Brian M. Biggs <bbiggs_at_cincom.com>
Date: 1996/01/31
Message-ID: <310FB883.C9F_at_cincom.com>#1/1

We are using ODBC to interact with an MDB file that is attached to an Oracle database. Our application will control access to the tables WITHIN THE APPLICATION, but there is really nothing stopping a user from opening up Access and connecting directly to the MDB and viewing or modifying the data in the tables.

I thought we could use an Oracle role with a password to control access to the tables. Our application would enable the role with a password, and the user could access the data. Then, even if the user opened the MDB directly, the role would not be enabled, and they wouldn't be able to see the tables or any data. The problem is the password for the role. I'd rather not embed a password in the application. We'd like to have the flexibility of changing the role password at any time and not having to visit each workstation to change their application.

As a solution, what about storing the password in encrypted form in the Oracle database, retrieving it and decrypting it in the application, and then sending it back to Oracle to enable the role?

Does anyone have any experience with this or a similar situation? Is there an encryption/decryption algorithm in VB4 or some add-on that we could use? Any help is appreciated.

Thanks in advance,
Brian

-- 
Brian M. Biggs                             mailto:bbiggs_at_cincom.com
Cincom Systems, Inc.                       voice: (513) 677-7661
http://www.cincom.com/

Received on Wed Jan 31 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Helge Petersen: "Q: ROWNUM in Forms 4.0 ?"
Previous message: David Slavin: "Oracle Forms *.fmt Files"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message