Re: oracle - authenticate with username and password

From: Donkey Hot <spam@xxxxxxxxxxxxxxxxx>
Date: 12 Jan 2008 02:26:36 GMT

Lew <lew@xxxxxxxxxxxxx> wrote in
news:FICdncqg3piyuRXanZ2dnUVZ_gOdnZ2d@xxxxxxxxxxx:

I think we aren't clear on what the OP means by the "oracle [sic]
username and password".

The usual way to authenticate is to have a username (rolename) /
password table in the application's database (i.e., not the RDBMS
system tables), that applies to the application, not the database.

I'm not sure if I like that concept at all. Especially Oracle has great
means of granting users rights and roles. I think it's not really ideal for
an application to reinvent the wheel and establish own mechanisms for that.

More so, if you want to have an audit system upon your database keeping
track for what people do in the db. My business happens to be in security,
and I have implemented and audit reporting system for a hospital, who
wanted to know if their users peek what and when.

When everything was ready, we saw that there was only one "user" in the
system... some fixed "application" user, who authenticated the users
againts it's own table. The audit report showed all queries and updates
done to the database, including clear text passwords to the application
user/role repository. So much for security.

There are great auditing systems for databases, like Lumigent AuditDB.
Great tool renders almost useless with all those home made applications.

That's sad. Databases do have concepts of USER, PASSWORD, ROLE and ACCESS
RIGHT. There is no need to duplicate them in any application.

.

Follow-Ups:
- Re: oracle - authenticate with username and password
  - From: Lew

References:
- oracle - authenticate with username and password
  - From: dave
- Re: oracle - authenticate with username and password
  - From: Donkey Hot
- Re: oracle - authenticate with username and password
  - From: Lew

Prev by Date: Re: Great SWT Program
Next by Date: Re: How to count the context switches times
Previous by thread: Re: oracle - authenticate with username and password
Next by thread: Re: oracle - authenticate with username and password
Index(es):
- Date
- Thread

Relevant Pages

Re: Problem in authentication using asp.net for a webpage
... indicative of password and username not matching? ... SQL statement must be surrounded by single quotes. ... Did you think to try running your sql statement against the database outside ... >I am trying to implement a simple way to authenticate users before ...
(microsoft.public.dotnet.framework.aspnet)
ASP.Net not impersonating for WSE 2.0 AuthenticateToken method
... I have several web services that use WSE to authenticate calling users. ... I use a UsernameToken that validates the sent username and password ... against our SqlServer database. ...
(microsoft.public.dotnet.framework.aspnet.webservices)
ASP.Net not impersonating for WSE 2.0
... I have several web services that use WSE to authenticate calling users. ... I use a UsernameToken that validates the sent username and password ... against our SqlServer database. ...
(microsoft.public.dotnet.framework.aspnet.webservices)
Re: Connecting to an Oracle database
... the username and the password. ... The Server name is the name of the computer hosting Oracle. ... > computer where the database is. ...
(borland.public.delphi.database.ado)
Query Oracle, show results (need help!!)
... I am trying to log into an Oracle database, ... #Note the variables for username and password must be username and passwd ONLY!! ... Prepare the SQL statement for running and it'll be stored in Oracle buffer ...
(perl.beginners)