Asked by liuh2

Do not display Oracle schema password in the application

We are exploring alternatives to using passwords for authenticating the servers, scripts and SQLLDR. Database is on Oracle 10g Enterprise Edition. The application code and scripts all use common accounts/schemas. With current authentication, scripts and sqlldr use TNS names. All programs that run non-Java SQL scripts or use SQLLDR pass along the passwords to SQLPLUS or SQLLDR; Java code uses direct JDBC connections. The password is in the JDBC connection string. Should the password change, application server configuration takes care of updating the password in all Java connections. Our goal is to remove the password from any configuration file or code that is easily accessible to developers. We'd like something that can be configured on the server (Oracle server or an independent authentication server like Kerberos/LDAP). Any suggestion is appreciated.
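As an added example (not part of the original thread): before moving credentials out of scripts and configuration, it helps to inventory where they are embedded today. This Python sketch flags literal passwords in Oracle JDBC thin URLs and in sqlplus/sqlldr command lines that use a TNS alias, the forms the question describes; the sample lines, user names, passwords and alias are constructed.

```python
import re

# jdbc:oracle:thin:USER/PASSWORD@... (credentials embedded in the URL)
JDBC_RE = re.compile(r"jdbc:oracle:(?:thin|oci\d*):([^/@\s\"']+)/([^@\s\"']+)@")
# sqlplus / sqlldr USER/PASSWORD@TNS_ALIAS, optionally given as userid=...
CLI_RE = re.compile(
    r"\b(sqlplus|sqlldr)\b[^\n|;]*?(?:\s|userid\s*=\s*)[\"']?"
    r"([\w$#{}]+)/([^\s@\"']+)@[\w.]+",
    re.IGNORECASE,
)

def is_literal(password):
    """A shell/batch variable reference is not a literal password."""
    return not password.startswith(("$", "%", "&"))

def find_embedded_passwords(text):
    """Return (line_no, kind, user) for each literal password found.
    The password itself is never returned, so the report is safe to share."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = JDBC_RE.search(line)
        if m and is_literal(m.group(2)):
            findings.append((line_no, "jdbc", m.group(1)))
        m = CLI_RE.search(line)
        if m and is_literal(m.group(3)):
            findings.append((line_no, m.group(1).lower(), m.group(2)))
    return findings

# Constructed sample input: three lines with literal passwords, three without
SAMPLE = """\
db.url=jdbc:oracle:thin:appuser/S3cret@dbhost:1521:ORCL
sqlplus -s appuser/S3cret@PRODDB @nightly.sql
sqlldr control=/opt/load/emp.ctl userid=loader/L0ad3r@PRODDB log=emp.log
sqlplus -s /nolog @connect_later.sql
sqlplus -s appuser/$DB_PASS@PRODDB @nightly.sql
db.url=jdbc:oracle:thin:@dbhost:1521:ORCL
"""

if __name__ == "__main__":
    for line_no, kind, user in find_embedded_passwords(SAMPLE):
        print(f"line {line_no}: {kind} password in clear for user {user}")
```
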
SOLUTION
David VanZandt
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Since you are calling through Java and using an application server, you can try using connection pools. Connection pools are created at the apps server level, where the Oracle user details are used in the apps server configuration, so the developer need not worry about them or hard-code them. Whenever there are any changes, the administrators themselves change the configuration, and the change is reflected automatically.
I've requested that this question be closed as follows:

Accepted answer: 500 points for slightwv's comment #a38311364

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Angel, my answer (#a38308555) provided a specific answer (use a variable), met criteria (hide from developers), and could be configured on the one server without requiring additional LDAP setup.

If I were grading the abandoned question I'd split the points. Would you agree to that?
I agree with dvz. I think all three answers have dealt with different approaches, which are correct in their own way. So I also think the points should be split appropriately.