Call for Oracle support & training (800) 766-1884
Free Oracle Tips

Corporate Oracle Training
Custom Oracle Training
Oracle New Features Training
Advanced Oracle DBA Classes
Oracle Tuning Courses
Oracle Tips & Tricks
Oracle Training Links
Oracle Training Links
Oracle Training Links

We are top for USA Oracle Training Clients


Free Oracle Tips


Free Oracle App Server Tips


Oracle support

Oracle training

Oracle tuning


Remote Oracle

Custom Oracle Training


  Oracle Tips by Burleson

Chapter 4 General Oracle Security

Note the use of the function. It does not actually return the value of the user's password. Rather it returns YES if the password supplied by the user is correct and NO if it isn't. This is analogous to the challenge-response type of authentication, where the challenge is merely answered with a yes or no response. The application user never needs to know the decrypted value of the password.

Some user who is not normally involved in the process of the application owns this function. The authors recommend using a user id called SECUSER, who owns all the security related objects.  In this case, the user SECUSER owns this function and grants execute privileges to APPUSER1 and APPUSER2 (or more, if necessary).

When the application user APPUSER1 needs to authenticate himself or herself, he or she calls the function in the following manner

if (
    secuser.is_password_correct (
        'APPUSER1','app1') = 'YES'
) then
    -- user is authenticated
    -- user is not authenticated
end if;

The user never knows the value of the password string inside. All he or she knows is that the password is app1 and the function responds with a YES or NO answer. Even if the user APPUSER1 selects from the table

The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security


This is the only authoritative book on Oracle Security, Oracle Privacy, and Oracle Auditing written by two of the world’s leading Oracle Security experts.

This indispensable book is only


 and has an immediate download of working security scripts:


Oracle performance tuning book



Oracle performance tuning software

Oracle performance tuning software
Oracle performance Tuning 10g reference poster
Oracle training in Linux commands
Oracle training Excel


email BC:

Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.