Perhaps, but if you're using Oracle, you could store the password in the DB as "obfuscated", which is how Oracle refers to encryption. Tbe table containing the password would be stored in a different schema than the one to which you'd normally attach to. In order to get the password, you would login using a dummy account and password. This dummy account would not be able to do anything except execute a function or procedure in the password schema. This function/procedure would return the text of the password (or the hash, if you wanted to decrypt in Perl) as well as audit the call.
At least this way, the password's usage could be monitored to see if it has been stolen. Not perfect (I don't know if there is a perfect solution), but almost... HTH! GL! :) Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA > -----Original Message----- > From: John Gedeon [mailto:jgedeon@;qualcomm.com] > Sent: Tuesday, October 22, 2002 2:46 PM > To: [EMAIL PROTECTED] > Subject: RE: Hiding the db password > > > Thanks for the tips guys. I will post my solution if any when > I get one. > but it seems like someone will always be able to see the passwords... > John > > > > <>< Proverbs 3:5 "Trust in the Lord with all your heart and > lean not on > your own understanding;" >
