Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Adding some random characters to Oracle password

Re: Adding some random characters to Oracle password

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Thu, 28 Oct 2004 17:56:24 +1000
Message-ID: <4180a616$0$22672$afc38c87@news.optusnet.com.au> 





Pete Finnigan wrote:


>>Just out of interest, and ignoring for the moment that it is roles that
>>are granted to a user and not the other way around: how do you propose
>>this should work? You mean the application grants roles on log on? And
>>then presumably it revokes roles on log-off? And if the user crashes out
>>and doesn't log off cleanly??




> Hi Howard,

> 

> I think he is talking about "enabling" roles not granting them. You can

> also use secure application roles so that the enabling function can

> determine that it is being called from a user connected via the

> application server (or in this case the server the application is

> running on). 




Now, whilst it is true that "you can", the original poster cannot, because
he's on 8.1.6. So I figured he wasn't talking about that.



And for the same reason, I presumed he wasn't talking about merely issuing
'set role' commands, because those could be hacked without necessarily
coming in via the application.



My point to the proposer of this idea (I really must stop being so subtle)
is that as written, it doesn't make much sense. So some clarification was
in order.



Regards


HJR





> The function can also check usernames and application set 

> values to determine which roles to enable.

> kind regards

> 

> Pete

Received on Thu Oct 28 2004 - 02:56:24 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US