best practices for security and multiple databases

Status
Not open for further replies.

bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
Could anyone give me any ideas about real world ways security is handled? We have a couple of live databases and a couple of "training" databases and the same basic pool of users use all of them. Right now I'm maintaining duplicate user names in all of them and letting the users manage their passwords. Of course we constantly get calls from users that have let their passwords get "out of sync" and can't remember how to log on, but... what I really want to know is recommended practices in a case like this. I could do something "manual" like linking the databases and updating all the user info from one database to all the others, but I'm sure there must be a "right way" to do it.

any comments would be appreciated...

 
AFAIK the most popular way is to NOT CONNECT to the database directly at all :). Your users may connect to an application server and reach all the databases from the single entry point (Single Sign On).

Regards, Dima
 
From what I've been reading, it appears that that is configured on the 9ias server and is a part of 9ias? I've also found references to 9i database component Oracle Advanced Security/Enterprise User Security. I haven't looked at the 9ias security stuff too much because we still have some apps that don't go through 9ias, they are still client/server based applications. I guess that's what is most confusing to me now, Oracle seems to provide so many different ways to go, I want to make sure I don't head down a dead end street at this point. They have the 9ias security, the 9i database advanced security, and I see in 10g what appears to be a new and different security.


 
There are a couple of options you can use here...

1) Externally authenticated users. Rather than having Oracle managed passwords, user accounts are set up to accept credentials presented by the operating system (i.e. the client Windows machine) to authenticate the user.

2) Oracle Internet Directory allows you to create a central LDAP repository of all your users -- the Oracle databases can authenticate passwords provided against those stored in OID. This is more of a user & password centralization mechanism than a true single sign-on solution.

3) Single sign-on via Oracle Advanced Security, which allows you to use various external authentication methods (biometric, Kerberos, etc.) to authenticate users to Oracle. This is basically a stronger form of externally authenticated users.

Justin
 
I've found information mostly on the Oracle Internet Directory solution and it seems awfully complicated. I know Oracle "discourages" OS authentication, but I really like the idea of having just ONE place to keep users. Can anyone give me any details about using OS authentication and the pros and cons of that method?
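
As an added illustration of the "externally authenticated users" option listed above and the OS authentication question in the last post (not part of the original thread or any poster's code), this is roughly what such an account looks like in Oracle SQL. The account name JSMITH is hypothetical, the mapping assumes the default `OS_AUTHENT_PREFIX` of `OPS$`, and the last query assumes the 9i/10g data dictionary.

```sql
-- Added example; JSMITH is a hypothetical OS account name.

-- 1. Check how the instance maps OS accounts to database users and
--    whether it accepts OS identities asserted by remote clients.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Keep remote OS authentication off: with TRUE the database trusts
--    the OS user name the client reports over the network, so the
--    database is only as strong as every client machine.
--    Static parameter: takes effect after the next instance restart.
ALTER SYSTEM SET remote_os_authent = FALSE SCOPE = SPFILE;

-- 3. Create the account with no Oracle-managed password. With the
--    default prefix, OS user JSMITH maps to database user OPS$JSMITH.
--    The same statement has to be run in every database the user needs.
CREATE USER "OPS$JSMITH" IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO "OPS$JSMITH";

-- 4. Periodically review which accounts rely on external authentication
--    (in the 9i/10g dictionary the PASSWORD column reads EXTERNAL).
SELECT username, account_status
  FROM dba_users
 WHERE password = 'EXTERNAL';
```

This removes the out-of-sync password problem because the database stores no password at all, but the accounts themselves still exist separately in each database.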

 