Re: logon best practices???
Hi
>>So, my question is “how do your home-grown apps know what user-id/pswd
>>to use and how do you secure this information from the general user
>>community?
There are a number of ways to solve this kind of problem. First, find out
if you really need it. Maybe your end users will not have access to the
developers' code and binaries, so why not hardcode it? Another approach is
to prompt for the password before connecting to the application's data.
This way you guarantee that passwords are not stored anywhere and only the
persons who were told them are able to use them. To further improve the
latter scheme, create different db accounts with different grants made to
them, and delegate an appropriate account to each development group.
>>Secondly, do you make any attempt to hide the password from
>>the application developers?”
I would not do it because developers will need to work with your data
anyway. And it's a bit like hiding the information about your disease from
your doctor.
>>Could the use of roles be part of the solution? If so, how?
You can have separate roles, say, for only selecting and for modifying
data. There are many ways to do it. In the application or in SQL*Plus you
will issue the SET ROLE operator and eventually enter the password. But
there is something you should be aware of. Certain operations cannot be
done through roles. For example, you cannot create a view on a table you
have access to through a role...
Regards,
Karen Abgarian.
Ed Stevens wrote:
> I’m sure this issue has been beat to death before, so please bear with
> me. I’m seeking “best practice” ideas for logon security for Oracle
> databases in an NT environment.
>
> Currently, we are having applications use a single, common userid (say,
> “AppUser”) to log on to the databases. Obviously, we do not wish for
> that userid/pswd to become known because with it a user could use
> Excel, Access or any other tool to connect to the database with full
> update authority and without the constraints imposed by the
> applications. We have separate development projects going on in
> Powerbuilder, Visual Basic, and Cobol. The problem is how to deliver
> the userid and (more importantly) the password to the applications from
> a central “repository” so that they don’t have to hard-code them into
> the app.
>
> So, my question is “how do your home-grown apps know what user-id/pswd
> to use and how do you secure this information from the general user
> community? Secondly, do you make any attempt to hide the password from
> the application developers?”
>
> Could the use of roles be part of the solution? If so, how?
>
> TIA.
>
> Ed Stevens
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
Received on Fri Aug 20 1999 - 15:10:38 CDT
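
The role-based setup described in the reply, written out as an added example that is not part of the original posts. The schema, table, role and account names (`app.orders`, `app_read`, `app_modify`, `appuser`) and the role password are hypothetical placeholders.

```sql
-- Run as a DBA. All object names and the password below are placeholders.

-- Role for selecting only; no password needed to enable it.
CREATE ROLE app_read;
GRANT SELECT ON app.orders TO app_read;

-- Role for modifying data; enabling it requires the role password,
-- which is separate from the logon password of the account.
CREATE ROLE app_modify IDENTIFIED BY "RolePassword_Placeholder1";
GRANT INSERT, UPDATE, DELETE ON app.orders TO app_modify;

-- The shared logon account is granted both roles, but only the read-only
-- role is active at logon. Someone who connects with the account's
-- user-id/password from an ad hoc tool gets SELECT and nothing more.
GRANT CREATE SESSION TO appuser;
GRANT app_read, app_modify TO appuser;
ALTER USER appuser DEFAULT ROLE app_read;

-- Issued by the application (or typed in SQL*Plus) after connecting.
-- SET ROLE disables every role not listed, so both are named here.
SET ROLE app_read, app_modify IDENTIFIED BY "RolePassword_Placeholder1";

-- Check which roles are enabled in the current session.
SELECT role FROM session_roles;

-- Caveat from the reply: privileges received through a role are not
-- enough to create a view on the table. The account that owns the view
-- needs the object privilege granted to it directly.
GRANT CREATE VIEW TO appuser;
GRANT SELECT ON app.orders TO appuser;   -- direct grant, not via a role

-- Now, connected as appuser, this succeeds:
CREATE VIEW open_orders AS
  SELECT * FROM app.orders;
```

The role password still has to reach the application somehow, so this narrows what a leaked logon password allows rather than removing the storage question asked in the original post.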