How are you authenticating your applications?

  • From: Guillermo Alan Bort <cicciuxdba@xxxxxxxxx>
  • To: oracle-l-freelists <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 9 Mar 2011 16:11:42 -0300

List,

  We have several application servers (mostly Tomcat) connecting to the
Oracle Databases (jdbc) and we detected that there is a lot of people using
the application accounts to connect to the databases using TOAD or such
other tools. We are working on informing them that they should not do so,
and that they can request access to the DB if there is a valid business
reason for them to have such access.

   Now comes the other side... I'd hate to have to add a logon trigger that
kicks out anyone using TOAD (and an app account), as it would rely on
blacklisting or whitelisting either modules, apps, machines or osusers...
and would require manual maintenance which is something we are not really
willing to do. So... here comes the question: How do you authenticate a
Tomcat against Oracle without giving anyone the password (nor setting it up
yourself on the tomcat, because the apps admins won't like that). Is there a
way through certificates, wallets or something like that?

   We are working on providing the hashed password, so all the non-dbas get
is a hash... but I don't know how strong the encryption really is... and
I'd like to let my i7 have a go at cracking one and see how long it takes...
still, a non-human-intervention approach would be appreciated :-)

thanks in advance
Alan.-
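The detection side of the problem above, as an added example that is not part of the original post: instead of a hand-maintained blacklist of modules or machines, each application account's normal (PROGRAM, OSUSER) pair is learned from the sessions themselves and anything deviating from it is reported. The rows are constructed to look like V$SESSION columns, and the account names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed rows shaped like V$SESSION (USERNAME, PROGRAM, MODULE, MACHINE,
# OSUSER); every value here is made up for the example.
SESSIONS = [
    ("APP_BILLING", "JDBC Thin Client", "JDBC Thin Client", "tomcat01", "tomcat"),
    ("APP_BILLING", "JDBC Thin Client", "JDBC Thin Client", "tomcat02", "tomcat"),
    ("APP_BILLING", "JDBC Thin Client", "JDBC Thin Client", "tomcat01", "tomcat"),
    ("APP_BILLING", "TOAD.exe", "TOAD 10.6.1.3", "CORP\\LAPTOP-17", "jsmith"),
    ("APP_CRM", "JDBC Thin Client", "JDBC Thin Client", "tomcat03", "tomcat"),
    ("APP_CRM", "JDBC Thin Client", "JDBC Thin Client", "tomcat03", "tomcat"),
    ("APP_CRM", "sqlplus.exe", "SQL*Plus", "CORP\\PC-042", "mlopez"),
    ("JSMITH", "TOAD.exe", "TOAD 10.6.1.3", "CORP\\LAPTOP-17", "jsmith"),
]
APP_ACCOUNTS = {"APP_BILLING", "APP_CRM"}   # hypothetical application schemas


def learn_baseline(sessions, app_accounts):
    """Per application account, the dominant (program, osuser) pair, learned
    from the sessions themselves so no list has to be hand-maintained."""
    seen = defaultdict(Counter)
    for user, program, _module, _machine, osuser in sessions:
        if user in app_accounts:
            seen[user][(program, osuser)] += 1
    return {user: c.most_common(1)[0][0] for user, c in seen.items()}


def flag_sessions(sessions, app_accounts, baseline=None):
    """Return app-account sessions whose (program, osuser) deviates from the
    baseline, i.e. a person driving an interactive tool with an app login."""
    baseline = baseline or learn_baseline(sessions, app_accounts)
    flagged = []
    for user, program, module, machine, osuser in sessions:
        if user in app_accounts and (program, osuser) != baseline[user]:
            flagged.append({"username": user, "program": program,
                            "module": module, "machine": machine,
                            "osuser": osuser})
    return flagged


if __name__ == "__main__":
    for hit in flag_sessions(SESSIONS, APP_ACCOUNTS):
        print(f"{hit['username']:12} {hit['program']:18} "
              f"{hit['machine']:16} {hit['osuser']}")
```

PROGRAM, MODULE and OSUSER are supplied by the client, so this is a reporting aid for the conversation with the users, not an enforcement control; the audit trail (or a wallet-based setup where nobody knows the password) is what actually closes the gap.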
