Odp.net and Proxy (n-tier) Authentication

From: Carolyn <postreply_at_dontemail.com>
Date: Wed, 28 Apr 2004 15:01:52 GMT
Message-ID: <AHPjc.31343$Np3.1114784_at_ursa-nb00s0.nbnet.nb.ca>

We are investigating using Proxy Authentication from asp.net web forms. The idea is that we could preserve the identity of individual users in Oracle without maintaining separate Oracle passwords for each of them.

This connection (odp.net) does just that: con.ConnectionString ="Data Source=DB1;User Id=RealUser;Proxy User Id=TechnicalUser; Proxy Password=TechnicalUser"

The concern is how to protect the Proxy Password. Leaving it in clear text in code is not acceptable. I am looking for suggestions of secure methods of handling this password. I know this is not an 'Oracle server' issue but it is an issue that must be resolved before we can adopt an attractive feature of Oracle.

Today we do not store any passwords, each user is prompted to enter his own password which is then authenticated by Oracle. We do not have Oracle Advanced Security. We do have more than one Oracle database and the goal is to reduce the number of passwords each user has to remember and change on a regular basis. Received on Wed Apr 28 2004 - 17:01:52 CEST

Original text of this message