Does anyone have good ideas and knowledge on how to secure authentication and do efficient password management and auditing for a client-server system that uses PowerBuilder and Oracle 9i? We are moving to 11g shortly.
Currently we use the big application model, where the client connects to the DB using one account and each user has an application account in a database application table.
From what I understand, this is not very secure or good.
Also, having the DB userid/password in the client executable is not safe, as it can be read with binary readers or spoofed over the network.
We are thinking of creating a DB account per user and establishing the connection based on that. Also, we need to audit user activity, and the DB should be able to do that since it knows who the user is.
Not sure if it is easier to manage database user accounts instead of application accounts, too.
Any ideas or designs appreciated.
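
The per-user account and database auditing setup the post asks about, as an added example that is not part of the original post. The names `app_user_profile`, `app_clerk`, `app_owner.orders` and `jsmith`, the limit values, and the password are hypothetical placeholders.

```sql
-- Added example: per-user Oracle accounts with a password profile and auditing.
-- All object names, limits and the password below are hypothetical placeholders.

-- 1. Password policy enforced by the database instead of an application table.
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5      -- lock the account after 5 bad passwords
  PASSWORD_LOCK_TIME    1      -- days the account stays locked
  PASSWORD_LIFE_TIME    90     -- days before the password expires
  PASSWORD_GRACE_TIME   7      -- days of warning after expiry
  PASSWORD_REUSE_TIME   365    -- days before an old password may be reused
  PASSWORD_REUSE_MAX    10;    -- password changes required before reuse

-- 2. Privileges go to a role, so managing a user is one GRANT or REVOKE.
CREATE ROLE app_clerk;
GRANT CREATE SESSION TO app_clerk;
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO app_clerk;

-- 3. One database account per person; nothing shared in the client executable.
CREATE USER jsmith IDENTIFIED BY "Placeholder_Pw_1"
  PROFILE app_user_profile
  PASSWORD EXPIRE;             -- forces a new password at first login
GRANT app_clerk TO jsmith;

-- 4. Turn on the database audit trail (static parameter, needs a restart).
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- 5. Audit logons/logoffs and DML on the sensitive table, one row per action.
AUDIT SESSION;
AUDIT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders BY ACCESS;

-- 6. Review activity per real user; a non-zero returncode is a failed action.
SELECT username, userhost, action_name, obj_name, returncode, timestamp
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;

-- 7. Offboarding: lock the account and keep its audit history.
ALTER USER jsmith ACCOUNT LOCK;
```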