Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: Help: database security

Re: Help: database security

From: Wilko <Wilko_at_yoa.com>
Date: Fri, 24 Nov 2000 07:20:35 GMT
Message-ID: <8vl4k0$hh316@inetbws1.citec.com.au>

Thanks for this help but it doesn't solve my problem.

I have an HTML page that calls an API which is written in Pro C. The Pro C code contains the connect statement, which includes the username and password.

No one from the outside can see this information. My problem is I want to stop programmers knowing a username and password to the database.

The user that is connecting in the Pro C needs a fair level of privs. So therefore a programmer can look at the Pro C code and use the username and password of the very privileged user.

Is there a way around this?

Thanks,
Chris

In article <8vj0jd$90h$1_at_nnrp1.deja.com>, sybrandb_at_my-deja.com wrote:
>In article <8vi893$hh315_at_inetbws1.citec.com.au>,
> Wilko_at_yoa.com (Wilko) wrote:
>> Hi All,
>>
>> I want to stop programmers being able to log into
>> the production database and making changes.
>>
>> How can I keep the login/password secret when
>> it is hard coded into the API that connects to the
>> database.
>>
>> I know don't hard code it. But what is the alternative?
>>
>> Thanks,
>> Chris
>>
>
>1 force the users to enter a username and a password
>2 use a fixed Oracle user and develop your own login mechanism (see
>http://osi.oracle.com/~tkyte)
>3 use ops$ accounts
>4 put passwords on the roles in use. I have a feeling though in this
>case they would again hardcode it in the app
>
>Hth,
>
Received on Fri Nov 24 2000 - 01:20:35 CST
