Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Oracle Security Question
<amerar_at_iwc.net> schrieb im Newsbeitrag news:1102612813.056970.16540_at_c13g2000cwb.googlegroups.com...
>
> Volker Hetzer wrote:
> > <amerar_at_iwc.net> schrieb im Newsbeitrag
> news:1102432338.770876.210810_at_f14g2000cwb.googlegroups.com...
> > >
> > > Hi All,
> > >
> > > I am hving real trouble with this one. Basically I've been asked
> to
> > > crack down on database security. Everyone knows all the passwords
> to
> > > all the schemas.
> > So, change them and tell users their own passwords.
> >
> > >
> > > The problem is this place has several Visual Basic applications
> where
> > > the password is hard coded into the code. This does me no good,
> > > because once I change the password, I need to tell the developer
> what
> > > it is......it defeats the purpose of changing the password.
> > Who asked you to crack down on security? Tell thay guy that the
> passwords
> > have to go from the apps. Users have to type them in each time they
> log on.
> >
> > >
> > > What options are available to me? We are running Oracle 8.1.7.3.
> I
> > > need to hide the passwords from everyone. But I'm not sure what
> > > options I have over a network......
> > Can you access an LDAP server?
> >
> > Lots of Greetings!
> > Volker
>
> This issue here is that the developers know the password, and go into
> production and change stuff. If I tell the developer what the password
> is, it defeats the purpose of changing the password.
Yes, that's why the app ought to be changed so that the user has to type
in the password. Then the developers won't know it. Doing a proper
password management is the only solution that works in the long term.
Lots of Greetings!
Volker
Received on Fri Dec 10 2004 - 04:13:10 CST