Call for Oracle support & training (800) 766-1884
Free Oracle Tips

Home
Corporate Oracle Training
Custom Oracle Training
Oracle New Features Training
Advanced Oracle DBA Classes
Oracle Tuning Courses
Oracle Tips & Tricks
Oracle Training Links
Oracle Training Links
Oracle Training Links

We are top for USA Oracle Training Clients

 

Free Oracle Tips


 
HTML Text AOL

Free Oracle App Server Tips


 
HTML Text

Oracle support

Oracle training

Oracle tuning

Rednecks!

Remote Oracle

Custom Oracle Training

 

   
  Oracle Tips by Burleson

Chapter 4 General Oracle Security

Note the use of the function. It does not actually return the value of the user's password. Rather it returns YES if the password supplied by the user is correct and NO if it isn't. This is analogous to the challenge-response type of authentication, where the challenge is merely answered with a yes or no response. The application user never needs to know the decrypted value of the password.

Some user who is not normally involved in the process of the application owns this function. The authors recommend using a user id called SECUSER, who owns all the security related objects.  In this case, the user SECUSER owns this function and grants execute privileges to APPUSER1 and APPUSER2 (or more, if necessary).

When the application user APPUSER1 needs to authenticate himself or herself, he or she calls the function in the following manner

if (
    secuser.is_password_correct (
        'APPUSER1','app1') = 'YES'
) then
    -- user is authenticated
else
    -- user is not authenticated
end if;

The user never knows the value of the password string inside. All he or she knows is that the password is app1 and the function responds with a YES or NO answer. Even if the user APPUSER1 selects from the table
 

The above text is an excerpt from:

Oracle Privacy Security Auditing

The Final Word on Oracle Security

 

This is the only authoritative book on Oracle Security, Oracle Privacy, and Oracle Auditing written by two of the world’s leading Oracle Security experts.

This indispensable book is only

$39.95

 and has an immediate download of working security scripts:

 

http://rampant-books.com/book_2003_2_audit.htm



 
 
 
 

Oracle performance tuning book

 

 

Oracle performance tuning software

 
Oracle performance tuning software
 
Oracle performance Tuning 10g reference poster
 
Oracle training in Linux commands
 
Oracle training Excel
 
 
 
 

 

email BC:


Copyright © 1996 -  2014 by Burleson Inc. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation.