 | |
Oracle Security Question
comp.databases.oracle.misc comp.databases.oracle.misc
 |
| | Thread Tools | Display Modes |
#1
 
| |||
| |||
|
Oracle Security Question -
12-07-2004
, 09:12 AM
#2
| |||
| |||
|
|
Hi All, I am hving real trouble with this one. Basically I've been asked to crack down on database security. Everyone knows all the passwords to all the schemas. The problem is this place has several Visual Basic applications where the password is hard coded into the code. This does me no good, because once I change the password, I need to tell the developer what it is......it defeats the purpose of changing the password. What options are available to me? We are running Oracle 8.1.7.3. I need to hide the passwords from everyone. But I'm not sure what options I have over a network...... Thanks, Arthur An excellent place to start doing your research is here: |
There is a wealth of information there, some of which I'm sure can get
you pointed in the right direction.
#3
| |||
| |||
|
|
Hi All, I am hving real trouble with this one. Basically I've been asked to crack down on database security. Everyone knows all the passwords to all the schemas. So, change them and tell users their own passwords. |
Quote:
|
The problem is this place has several Visual Basic applications where the password is hard coded into the code. This does me no good, because once I change the password, I need to tell the developer what it is......it defeats the purpose of changing the password. Who asked you to crack down on security? Tell thay guy that the passwords |
Quote:
|
What options are available to me? We are running Oracle 8.1.7.3. I need to hide the passwords from everyone. But I'm not sure what options I have over a network...... Can you access an LDAP server? |
Lots of Greetings!
Volker
#4
| |||
| |||
|
|
amerar (AT) iwc (DOT) net> schrieb im Newsbeitrag news:1102432338.770876.210810 (AT) f14g2000cwb (DOT) googlegroups.com... Hi All, I am hving real trouble with this one. Basically I've been asked to crack down on database security. Everyone knows all the passwords to all the schemas. So, change them and tell users their own passwords. The problem is this place has several Visual Basic applications where the password is hard coded into the code. This does me no good, because once I change the password, I need to tell the developer what it is......it defeats the purpose of changing the password. Who asked you to crack down on security? Tell thay guy that the passwords have to go from the apps. Users have to type them in each time they log on. What options are available to me? We are running Oracle 8.1.7.3. I need to hide the passwords from everyone. But I'm not sure what options I have over a network...... Can you access an LDAP server? Lots of Greetings! Volker |
production and change stuff. If I tell the developer what the password
is, it defeats the purpose of changing the password.
However, I like the idea of hiding it in the registry. That can open
up several possibilities.
Arthur
#5
| |||
| |||
|
|
Volker Hetzer wrote: amerar (AT) iwc (DOT) net> schrieb im Newsbeitrag news:1102432338.770876.210810 (AT) f14g2000cwb (DOT) googlegroups.com... Hi All, I am hving real trouble with this one. Basically I've been asked to crack down on database security. Everyone knows all the passwords to all the schemas. So, change them and tell users their own passwords. The problem is this place has several Visual Basic applications where the password is hard coded into the code. This does me no good, because once I change the password, I need to tell the developer what it is......it defeats the purpose of changing the password. Who asked you to crack down on security? Tell thay guy that the passwords have to go from the apps. Users have to type them in each time they log on. What options are available to me? We are running Oracle 8.1.7.3. I need to hide the passwords from everyone. But I'm not sure what options I have over a network...... Can you access an LDAP server? Lots of Greetings! Volker This issue here is that the developers know the password, and go into production and change stuff. If I tell the developer what the password is, it defeats the purpose of changing the password. However, I like the idea of hiding it in the registry. That can open up several possibilities. Arthur |
using EXCLUDED NODES. Another is a log on trigger and a threat from
management to replace them if they ever log onto production. The later
is remarkably effective if serious.
--
Daniel A. Morgan
University of Washington
damorgan@x.washington.edu
(replace 'x' with 'u' to respond)
#6
| |||
| |||
|
|
Volker Hetzer wrote: amerar (AT) iwc (DOT) net> schrieb im Newsbeitrag news:1102432338.770876.210810 (AT) f14g2000cwb (DOT) googlegroups.com... Hi All, I am hving real trouble with this one. Basically I've been asked to crack down on database security. Everyone knows all the passwords to all the schemas. So, change them and tell users their own passwords. The problem is this place has several Visual Basic applications where the password is hard coded into the code. This does me no good, because once I change the password, I need to tell the developer what it is......it defeats the purpose of changing the password. Who asked you to crack down on security? Tell thay guy that the passwords have to go from the apps. Users have to type them in each time they log on. What options are available to me? We are running Oracle 8.1.7.3. I need to hide the passwords from everyone. But I'm not sure what options I have over a network...... Can you access an LDAP server? Lots of Greetings! Volker This issue here is that the developers know the password, and go into production and change stuff. If I tell the developer what the password is, it defeats the purpose of changing the password. Yes, that's why the app ought to be changed so that the user has to type |
password management is the only solution that works in the long term.
Lots of Greetings!
Volker
|
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.