

Do not display oracle schema password in the application

Posted on 2012-08-18
Medium Priority
Last Modified: 2013-08-30
We are exploring alternatives to using passwords for authenticating the servers, scripts and SQLLDR. The database is on Oracle 10g Enterprise Edition. The application code and scripts all use common accounts/schemas. With current authentication, scripts and sqlldr use TNS names. All programs that run non-Java SQL scripts or use SQLLDR pass along the passwords to SQLPLUS or SQLLDR; Java code uses direct JDBC connections. The password is in the JDBC connection string. Should the password change, application server configuration takes care of updating the password in all Java connections. Our goal is to remove the password from any configuration file or code that is easily accessible to developers. We'd like something that can be configured on the server (Oracle server or an independent authentication server like Kerberos/LDAP). Any suggestion is appreciated.
Question by:liuh2
LVL 23

Assisted Solution

David earned 400 total points
ID: 38308555
A low-cost approach I've used is to store the password in a very, very well protected file (acl access).  cat the file into a variable, and you have a single source password.  If you have a multi-server environment, scp can be used to push changes from one script.
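
Added example (not part of David's answer or the original thread): one way to apply the protected-file approach above in a wrapper script, refusing to read the file unless it is owner-only and handing the password to sqlplus on stdin rather than on the command line. `PWFILE`, `DB_USER` and `TNS_ALIAS` are assumed names.

```sh
#!/bin/sh
# Added example. PWFILE, DB_USER and TNS_ALIAS are hypothetical names
# chosen for illustration; they do not come from the original thread.

# Succeed only if $1 is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
pwfile_is_safe() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits.
    bits=$(ls -ld -- "$f" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Print the first line of the password file; fail if it is unsafe or empty.
read_db_password() {
    pwfile_is_safe "$1" || {
        echo "refusing to read $1: wrong owner or permissions" >&2
        return 1
    }
    pw=
    IFS= read -r pw < "$1" || :   # tolerate a missing trailing newline
    [ -n "$pw" ] || return 1
    printf '%s' "$pw"
}

# Run SQL script $1. sqlplus starts with /nolog and gets the CONNECT
# line on stdin, so the password never appears in its argument list.
run_sql() {
    pw=$(read_db_password "$PWFILE") || return 1
    sqlplus -s /nolog <<EOF
connect ${DB_USER}/"${pw}"@${TNS_ALIAS}
@$1
exit
EOF
}
```

The mode-bit check does not inspect extended ACL entries; if the file is protected with ACLs, review them separately with `getfacl`.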
LVL 78

Accepted Solution

slightwv (Netminder) earned 1600 total points
ID: 38311364
Probably the easiest is OS authentication:

Since you mentioned LDAP:

There are other methods.  The online docs are the best place to start:

Expert Comment

by:Sanjeev Labh
ID: 38313088
Since you are calling through Java and using an application server, you can try to use connection pools. Connection pools are created at the apps server level, where the Oracle user details are used in the apps server configuration, so the developer need not worry about them or hard-code them. Whenever there are any changes, the administrators themselves change the configuration, which gets reflected automatically.
LVL 143

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 39408984
I've requested that this question be closed as follows:

Accepted answer: 500 points for slightwv's comment #a38311364

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
LVL 23

Expert Comment

ID: 39408985
Angel, my answer (#a38308555) provided a specific answer (use a variable), met criteria (hide from developers), and could be configured on the one server without requiring additional LDAP setup.

If I were grading the abandoned question I'd split the points.  Would you agree to that?

Expert Comment

by:Sanjeev Labh
ID: 39446947
I agree with dvz. I think all three answers have dealt with different approaches, which are correct in their own way. So I also think the points should be split appropriately.
