Chuck said on 12/07/2004 02:56 PM:
> amerar_at_iwc.net wrote:
>
>>Hi All,
>>
>>I am hving real trouble with this one. Basically I've been asked to
>>crack down on database security. Everyone knows all the passwords to
>>all the schemas.
>>
>>The problem is this place has several Visual Basic applications where
>>the password is hard coded into the code. This does me no good,
>>because once I change the password, I need to tell the developer what
>>it is......it defeats the purpose of changing the password.
>>
>>What options are available to me? We are running Oracle 8.1.7.3. I
>>need to hide the passwords from everyone. But I'm not sure what
>>options I have over a network......
>>
>>Thanks,
>>
>>Arthur
>>
>
>
> Have the application read the password from a registry key. Developers
> would only have access to the password of the development database. When
> the application gets migrated to production, it should be on a server
> where they don't have access to the registry.
One good practice to follow is that applications should not be
connecting to the schema account which owns the objects. It
should connect to another account which has the minimal
privileges that it needs to do whatever it needs to do. You
still have the issue of hiding that password from developers, but
at least they can't do any ddl.
--
Joe
http://www.joekaz.net/
Received on Sun Dec 12 2004 - 17:44:50 CST
