Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> ROLE PW Encryption

ROLE PW Encryption

From: Nicolas Bronke <N.Bronke_at_web.de>
Date: Tue, 2 Aug 2005 18:49:56 +0200
Message-ID: <3l9mhnF11nr63U1@individual.net> 





I am searching for a special security problem and need a tip.



In our application the oracle-user get at runtime a special role assigned 
which is password protected. The normal user should not know this role 
password.


Until now we are using an special password inside of our application (delphi 
and jsp) where we are setting the none default role to the user after 
connecting. But we would like to make the password more flexible. That means 
the customer DBA should be able to change the password.



Now we first thought about a password file alternative to a special password 
table inside of oracle.meanwhile I am thinking the second solution is the 
best, but where we should now implement the algorithym for de and 
encrypting. Using the Oracle package functions has it charme, but then the 
user can also access to the decryption algorithm and therefore he could find 
out the password.



Now, does there another way else to implement the algorithm inside of our 
application?



Thank you for helpful hints.



Regards


Nicolas 
Received on Tue Aug 02 2005 - 11:49:56 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US