Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: username and password storage

Re: username and password storage

From: Nathan Hodgen <nathan_hodgen_at_yahoo.com>
Date: 3 Apr 2002 11:03:37 -0800
Message-ID: <8e9777d1.0204031103.4ee2ca03@posting.google.com> 





I WAS in a Windows environment.  But, if I were in a windows
environment, how would windows authentication be any more safe than
controlling who has adminstrative privileges?  Also, if someone has
administrativee privileges, can they not cause all kinds of trouble
beyond the scope of a specific application using windows
authentication?



However, I am currently in a Unix environment.  The client in some
cases is weblogic, some cases IPlanet, and some cases a COM object. 
What is the standard accepted place/method to store passwords in the
client application server to log into Oracle?  I have right now three
options: hardcode, code library, registry/file.



Should I be employing the operating system (Sun) in this?  



Lastly, this is not a medical system, and therefore does not have to
meet HIPAA standards, however, I don't see any reason why it shold
not.



THANKS!


Nathan




Rick Wessman <Rick.WessmanNO_SPAM_at_oracle.com> wrote in message news:<a8f1kr0i5k_at_drn.newsguy.com>...


> Hi, Nathan:

> 

> Since you are in a Windows environment, I *strongly* suggest using Windows

> authentication. It allows users to connect without having to specify a password.

> 

> Generally, hard coding user credentials is extremely insecure. Storing them in

> the registry will expose them to anyone with administrator privilege.

> 

>                                        Rick

> 

> n article <8e9777d1.0204030528.3b0380c7_at_posting.google.com>,

> nathan_hodgen_at_yahoo.com says...

> >

> >Thanks Daniel,

> >

> >I am sorry. When I said client, I did not mean an Oracle client.  I

> >meant any general client like a COM object or an ADO connection.

> >

> >The users I have supported in the past have either hardcoded the login

> >credentials in their code or stored them in the registry (speaking of

> >a windows environment).  Is there a better way to do this?

> >

> >Thanks again,

> >Nathan

> >

> >damorgan <damorgan_at_exesolutions.com> wrote in message

> >news:<3CA9D663.45F5BDE2_at_exesolutions.com>...

> >> Typically in an Oracle application one never stores them.

> >> 

> >> Which part of the Oracle security model doesn't work for you.

> >> 

> >> Daniel Morgan

> >> 

> >> 

> >> 

> >> Nathan Hodgen wrote:

> >> 

> >> > What is the standard place, if there is one, for storing username and

> >> > password for an Oracle account in a client?  Traditionally (in a

> >> > windows 2k envirnoment), I have stored the connect string encrytped in

> >> > the registry.

> >> >

> >> > THANKS,


> >> > Nathan

> 

>                                 Rick Wessman

>                                 Oracle Corporation

> 

>      The opinions expressed above are mine and do not necessarily reflect

>                          those of Oracle Corporation.

Received on Wed Apr 03 2002 - 13:03:37 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US