Re: Calculated passwords ?

Andreas Koch wrote:

> Daniel Morgan wrote:
> >
> > Perhaps I am not understanding what you are trying to accomplish. What is
> > the point here? Are you trying to say that anyone can enter any garbage
> > they want and a function tries to validate it against some set of rules?
>
> Sort of.
> I want a client app to connect to oracle using a "hardwired" user and
> password. And i'd like to prevent people knowing that password from
> login in via other apps.
>
> To achieve this, i'd like to use an calculated, changing password;
> trivialized example:
>
> user:scott
> pass:tiger||sysdate
>
> --
> Andreas
> To boldly go where no sane person has gone before

I don't say this to be insulting but it is readily apparent that your understanding of Oracle security is minimal. If Oracle's standard security is sufficient for NSA, FBI, CIA, NYSE, and almost every bank on the planet I am quite sure it will somehow manage to make it past your requirements if you understood what is already available.

Instead of spending your time with bubblegum and rubberbands spend the same time learning that which already exists.

When you understand roles, profiles, password verify functions, invited_nodes, excluded_nodes, AFTER LOGON triggers, and the rest of what is available you still think you have a security problem please let us know.

Right now I suspect your biggest liability is that you don't understand the software you are working with.

Daniel Morgan Received on Wed Aug 14 2002 - 17:52:57 CDT