Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
I will make a deal with you: If you refer me to a company that needs
database support, from a few hours per week to full time, and I am able to sign
a contract with them.
Then I will give you 10% of the monthly
contract or deal price every month. When
the contract ends, and we re-sign the contract, I will again give you 10% of
the monthly contract price. This will go
on until the company no longer employs or contracts me or my agents to look
after their databases.
I can do this, because that 10% is my
marketing budget. When we re-sign the
contract, in the future, it may depend on you giving the thumbs up again, and
that is worth 10% of the monthly contract price, to be given to you as
commission.
Contact:
Franz
Security
Secure External Password Store - Part 1
Secure External Password Store
You can store credentials for connecting to
databases in a client-side Oracle wallet.
Oracle wallet, is a secure software container that is used to store
authentication and sign in credentials.
You can simplify application deployments, that
rely on password credentials for connecting to the databases. If you are using client-side Oracle Wallet,
then application code, batch jobs, as well as scripts, will not have to store
embedded user names and passwords in them.
Your passwords are no longer exposed, which reduces risk. Password management policies can be enforced,
without having to change the application code, if the usernames or passwords
change.
The external password store of the wallet is
separate from the area where public key infrastructure (PKI) credentials are
stored. Because of this, you cannot use
Oracle Wallet Manager to manage the credentials in the external password
store. You will manage the external
password store or client-side Oracle Wallet with the command line utility
“mkstore”.
How Does the External Password Store Work?
Well firstly how does a normal connect to the database
work. Users, applications, batch jobs,
and scripts connect to the database by using a CONNECT statement that specifies
the “database connect string”.
This string could be
in the form with a URL that uniquely identified the database.
SQL> CONNECT <username>/<password>@<DB_URL>
It could have a TNS alias that is defined in the
tnsnames.ora file
SQL> CONNECT
<username>/<password>@<TNS_Alias>
It could also be in the form of an easy connect string, in
the form “host:port/sid”:
SQL> CONNECT <username>/<password>@"<host>:<port>/<sid>"
However, when a client is configured with the external
password store, then the applications can connect to a database without having
to specify the database logon credentials.
SQL> CONNECT
/@<db connect string>
The “db connect string” is a valid connect string such as
the service name, URL, or alias. However
in this case the username and password are stored in the Oracle client-side
Wallet. The autologin feature of the
wallet is turned on, so the system does not need a password to open the
wallet. The wallet presents the
credentials to access the database, for the user that is represented.
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
Classifieds
No comments:
Post a Comment