Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: encrypt passwords and hold on Oracle tables
We implemented a similar thing for intranet stuff. Users and their passwords
are maintained in a specific table. The password column is visible only to
table owner, other users access the table (if need be) through a view which
just shows userid and modules to which they can access. The encrypt/decrypt
is performed by RC4 (a fine utility from our own Jared Still), and works
flawlessly. Once the users are validated, we have a specific user which
actually connects to the DB (managed through a DTD, yes, I know but some
portion is still on OWS) and data can be accessed.
BTW, that problem with "logical user", have you considered 'BECOME USER' ? Once your logical user is validated, programmatically issue a BECOME USER and then access the database.
HTH
Raj