Re: ROLE PW Encryption

"Nicolas Bronke" <N.Bronke_at_web.de> wrote in message news:3l9mhnF11nr63U1_at_individual.net...
>I am searching for a special security problem and need a tip.
>
> In our application the oracle-user get at runtime a special role assigned
> which is password protected. The normal user should not know this role
> password.
> Until now we are using an special password inside of our application
> (delphi and jsp) where we are setting the none default role to the user
> after connecting. But we would like to make the password more flexible.
> That means the customer DBA should be able to change the password.
>
> Now we first thought about a password file alternative to a special
> password table inside of oracle.meanwhile I am thinking the second
> solution is the best, but where we should now implement the algorithym for
> de and encrypting. Using the Oracle package functions has it charme, but
> then the user can also access to the decryption algorithm and therefore he
> could find out the password.
>
> Now, does there another way else to implement the algorithm inside of our
> application?
>
> Thank you for helpful hints.
>
> Regards
> Nicolas
>

please post your DB version

you may be able to take advantage of procedure-authenticated roles. ie:

    create role oe_admin
    identified using oe_admin_validate;

where 'oe_admin_validate' is a procedure that the user/application invokes to authenticate and enable the role

++ mcs Received on Tue Aug 02 2005 - 12:05:27 CDT