What problems will I encounter when switching to externally identified users

Posted on 2011-05-09
Last Modified: 2012-05-11
I currently have an Oracle 10.2 database with Oracle Named Users. I am thinking of implementing an SSO solution using Oracle Advanced Security and an Active Directory. I will be slowly migrating a number of custom developed apps to this new architecture and will be removing existing login screens.

What problems will I run into when switching to externally identified/authenticated users?
Question by:zstafa
    LVL 76

    Accepted Solution

    The main one:  Your database is only as secure as the OS.
    LVL 7

    Expert Comment


    slightwv's answer is the correct one. You allow into your db anybody who managed to get OS authentication (who logged into the OS).

    Additionally, if you go for that external authentication, make sure (at least) that your REMOTE_OS_AUTHENT is set to false. Otherwise you have no more security on logging into your db.

    LVL 7

    Expert Comment

    ... In other words, if you go for any external directory authentication solution, make sure there's only the local server which will execute that authentication.
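
An added example, not part of the thread: a read-only audit for a 10.2 database like the one discussed here, assuming a session with access to the DBA views. It checks the REMOTE_OS_AUTHENT setting mentioned above and shows what each externally identified account can do once the directory or OS has vouched for it.

```sql
-- Added example, not from the thread. Read-only; run from a DBA-privileged session.

-- 1. Parameters that govern OS-based external authentication.
--    REMOTE_OS_AUTHENT should report FALSE, as advised in the comment above.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Accounts that no longer authenticate with a database password.
--    In 10.2, DBA_USERS.PASSWORD holds the literal EXTERNAL or GLOBAL
--    for users created IDENTIFIED EXTERNALLY / IDENTIFIED GLOBALLY.
SELECT username, password AS auth_method, account_status
  FROM dba_users
 WHERE password IN ('EXTERNAL', 'GLOBAL')
 ORDER BY username;

-- 3. Roles held by externally identified accounts. Anyone the external
--    authenticator accepts as that user inherits these.
SELECT u.username, r.granted_role, r.admin_option
  FROM dba_users u
  JOIN dba_role_privs r ON r.grantee = u.username
 WHERE u.password = 'EXTERNAL'
 ORDER BY u.username, r.granted_role;

-- 4. Broad system privileges granted directly to those accounts.
SELECT u.username, p.privilege
  FROM dba_users u
  JOIN dba_sys_privs p ON p.grantee = u.username
 WHERE u.password = 'EXTERNAL'
   AND p.privilege LIKE '%ANY%'
 ORDER BY u.username, p.privilege;
```

Running it before and after each batch of named users is converted gives a record of which accounts now depend entirely on the external authenticator.
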
    LVL 3

    Author Comment

    I will be using XenApp as the portal, so the user will be authenticated using a smartcard and PIN at that level. My question was more specific to the custom apps, and if they would have any problems when the Oracle named users will be changed to be externally identified. I will use OAS to get the identity of the user from the Oracle client and an ActivClient or Oracle wallet. Thanks
    LVL 76

    Assisted Solution

    by: slightwv (Netminder)
    I'm far from an expert on all the middle pieces but even Oracle is migrating to the Wallet so take that for what it's worth.

    It's kind of hard to sell something they can't back up and trust.

    If you are using Oracle's Wallet you should be fine.  With the caveat: even a good tool can be used incorrectly.
