-----Original Message-----
From: Jacques Kilchoer [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 29, 2002 4:28 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: Ids and passwords for application usersI always preferred the option of having a userid for each person, because it makes it easier to match session to user. When you say userid "dwilliams" locking a table you know who to call, but if you see userid "app_user" you have to do some extra work to track the person down. >From a developer point of view, it's easier to determine the name of the logged in user (use built-in "user" function) than it would be to find out the machine name / application name (select * from v$session).
If you have only one username with a password hard-coded in the application, how do you plan on hiding the password from the user, or changing the password if it becomes compromised?
> -----Original Message-----
> From: DENNIS WILLIAMS [mailto:[EMAIL PROTECTED]]
>
> Peter - Go with option #1 unless you relish a career as an
> Oracle security
> officer. With option #1 the developers can create some administrator
> screens. Unless security is really, really critical.
>
> -----Original Message-----
>
> I am in the process of designing a small database which may have
> as many as 250 to 300 users. We are reaching a stage where we need
> to decide how we will control access to this database. As I see it
> we have two options:
>
> 1. Provide a single hidden login for the entire application
> and control
> access to the applicaiton itself either by "roll your own" security or
> using the operating system (UNIX) controls.
>
> 2. Create ids for the users in Oracle and grant them access
> to the necessary tables using roles.
>
> Any opinions or alternate suggestions?
>
> Peter Schauss
Title: RE: Ids and passwords for application users
trying
to understand how oracle 9i proxy authentication work.
is
anyone using it?
- RE: Ids and passwords for application users Scott . Shafer
- Ids and passwords for application users Schauss, Peter
- RE: Ids and passwords for application users DENNIS WILLIAMS
- RE: Ids and passwords for application users Jacques Kilchoer
- RE: Ids and passwords for application users Mandar A. Ghosalkar
- RE: Ids and passwords for application users Richard Huntley
- RE: Ids and passwords for application users groups
- RE: Ids and passwords for application users Jacques Kilchoer
- RE: Ids and passwords for application users DENNIS WILLIAMS
- RE: Ids and passwords for application users kkennedy
- RE: Ids and passwords for application users Gene Sais
- RE: Ids and passwords for application users groups
- RE: Ids and passwords for application users groups
- RE: Ids and passwords for application users Jacques Kilchoer