Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: ROLE PW Encryption

Re: ROLE PW Encryption

From: Nicolas Bronke <N.Bronke_at_web.de>
Date: Thu, 4 Aug 2005 10:53:55 +0200
Message-ID: <3le3d2F126gj4U1@individual.net> 





> Read the last sentence of his reply slowly and carefully (and only

> once, of course)

> The end-user won't be able to read the code as the code has been

> WRAPped.

>



I read it and perhaps I misunderstood something.



It is clear that the user cannot read the code. But he will be able to 
execute the function.


e.g. the function returns the Password uncrypted so that the password can be 
used in


set role role_name identified by uncrypted-password
But if the user can access to the function then he will also get the 
password.


Until now my application has the password hardcoded in the code and the user 
does not know it. Because he shall not be able to access to the data without 
the application.



To create the role like


>    create role oe_admin

>    identified using oe_admin_validate;

works only with 9i and not with 8i as I read. But perhaps I am wrong with 
that.


But nevertheless the the user can initiate the command with any tool ang get 
access, and this should not happen.



Does I am wrong?



Regards


Nicolas 
Received on Thu Aug 04 2005 - 03:53:55 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US