Oracle Tips by Burleson
Chapter 4 General Oracle Security
userpass = get_app_password ('newpass1')
Another way is to create a procedure that
accepts the user ID and password, and then inserts into the table
directly. That way, the user who executes the procedure does not
even know which table contains the passwords.
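The procedure-based approach described above, sketched in PL/SQL as an added example (not code from the book). The schema `app_sec`, table `app_users`, procedure `set_app_password` and role `app_user_role` are hypothetical names, and `get_app_password` is assumed to live in the same schema and return the protected value as VARCHAR2.

```sql
-- Assumptions (not from the original page): schema APP_SEC, table APP_USERS,
-- procedure SET_APP_PASSWORD and role APP_USER_ROLE are hypothetical names.
-- GET_APP_PASSWORD is the page's function; it is assumed here to take the
-- clear-text password and return the protected value as VARCHAR2.

CREATE TABLE app_sec.app_users (
  userid    VARCHAR2(30)  PRIMARY KEY,
  userpass  VARCHAR2(256) NOT NULL
);

CREATE OR REPLACE PROCEDURE app_sec.set_app_password (
  p_userid   IN VARCHAR2,
  p_password IN VARCHAR2
)
AUTHID DEFINER  -- runs with APP_SEC's privileges, not the caller's
AS
  l_protected app_sec.app_users.userpass%TYPE;
BEGIN
  IF p_userid IS NULL OR p_password IS NULL THEN
    RAISE_APPLICATION_ERROR(-20001, 'User ID and password are required');
  END IF;

  -- Protect the password before it touches the table.
  l_protected := app_sec.get_app_password(p_password);

  -- Insert a new user, or replace the stored value for an existing one.
  MERGE INTO app_sec.app_users u
  USING (SELECT p_userid AS userid FROM dual) s
     ON (u.userid = s.userid)
  WHEN MATCHED THEN
    UPDATE SET u.userpass = l_protected
  WHEN NOT MATCHED THEN
    INSERT (userid, userpass) VALUES (s.userid, l_protected);
END set_app_password;
/

-- Callers receive EXECUTE on the procedure only; no privilege on the table.
GRANT EXECUTE ON app_sec.set_app_password TO app_user_role;

-- Audit check (run as a DBA): list every direct grant on the password table.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_SEC'
   AND table_name = 'APP_USERS';
```

Any row returned by the final query is a direct grant on the table that bypasses the procedure and should be reviewed.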
Note an important concept here – the user
executing the procedure is not aware of the table behind the
authentication or the authentication keys. This offers tremendous
security advantages and a flexible password management framework for
HIPAA requires that all users, whether they
connect through the database or the application, should be securely
authenticated. Until now, there was no proper way of authenticating
the application users who were not database users. Using these
password management utilities, this requirement can be easily
Action Item: Identify any applications that
authenticate users with passwords stored in tables, and
change them to the secured method described here.
In the program-based security model, we
discussed a way the internal tables and other objects can be hidden
from the view of the user who calls the procedure. Let's revisit
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.