
Oracle Wallet and Secure External Password Store. Why is it secure?

I have read multiple articles on Secure External Password Store and I still can't understand what makes it secure. I have created the wallets myself using orapki to prevent them from being copied to other servers, etc. However, essentially what a Secure External Password Store does is keep the credentials in a format in which they are only available to the user you are logging in as; I get that. What I don't understand is, if you are taking away the requirement to enter a password at all for a user, how is it secure? Anyone can access your database.

For example, here I make a connection matching the alias in my tnsnames.ora:

sqlplus /@db11g

DB11G =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = DB11G.WORLD)
    )
  )

I require no password; anyone can log in, so why is it secure at all?

Back in the client/server days of the 80s, all the end users would have their own database user and password (which would be separate from any other username/password they had for other systems in the company, because there was no real single sign-on back then).

Now most database access is done through an application server or other middleman. And often the 'end user' might be a customer using a web or mobile app, someone who doesn't even work for your company.

So, as far as the database goes, we've lost that 'something you know' authentication method. That middleman application server now has to manage its password. A chunk of the time that means hard-wiring the database user and password into a config file. Sometimes in plain text, or sometimes the app will read a plain-text password from a config file and write it back in an encrypted form (but ultimately a form it can decrypt, because it has to be able to get it out to authenticate itself to the database).

Having the 'wallet' / external password store removes the reliance on the application managing password security. If the application was doing a poor job of it and leaving an unencrypted password in the config file, then it is a step up from that.
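The setup the question describes (a wallet created with orapki, a credential for the tnsnames alias used in `sqlplus /@db11g`) and the answer's point that the password now lives outside the application's config, as an added example that is not part of the original question or answer. The wallet directory, the alias db11g and the user/password values are assumptions made for illustration. `create_seps_wallet` needs an Oracle client with orapki and mkstore on PATH; the other functions are plain shell and check the thing that actually answers "anyone can log in": cwallet.sso opens with no password at all, so whoever can read that file can log in as the stored database user, and the OS file permission is the entire security boundary.

```sh
#!/bin/sh
# Added example, not from the original question or answer. Wallet path,
# alias db11g and the user/password values are assumptions.

# Create the wallet and store one credential. Requires an Oracle client with
# orapki and mkstore on PATH; mkstore prompts for the wallet password.
create_seps_wallet() {
    wallet_dir=$1 tns_alias=$2 db_user=$3 db_pass=$4 wallet_pass=$5
    mkdir -p "$wallet_dir" && chmod 700 "$wallet_dir"
    # -auto_login_local ties cwallet.sso to this host and OS user, so a copy
    # carried to another server cannot be opened.
    orapki wallet create -wallet "$wallet_dir" -auto_login_local -pwd "$wallet_pass"
    # The alias must match the tnsnames.ora entry used in "sqlplus /@db11g".
    mkstore -wrl "$wallet_dir" -createCredential "$tns_alias" "$db_user" "$db_pass"
    chmod 600 "$wallet_dir"/cwallet.sso "$wallet_dir"/ewallet.p12
}

# sqlnet.ora needs both the wallet location and WALLET_OVERRIDE, otherwise
# "/@alias" is treated as OS authentication rather than a wallet lookup.
write_sqlnet_ora() {
    tns_admin=$1 wallet_dir=$2
    cat > "$tns_admin/sqlnet.ora" <<EOF
WALLET_LOCATION =
  (SOURCE = (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = $wallet_dir)))
SQLNET.WALLET_OVERRIDE = TRUE
EOF
}

# Portable stat helpers (GNU stat first, BSD/macOS stat as fallback).
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u'  "$1"; }

# Returns 0 only when the store is usable by the current OS account alone.
# cwallet.sso is an auto-login wallet: no password is needed to open it, so
# the file permission is what stands between an attacker and the database.
check_wallet() {
    wallet_dir=$1 tns_admin=$2
    sso="$wallet_dir/cwallet.sso"
    [ -f "$sso" ] || { echo "FAIL: $sso not found"; return 1; }
    [ "$(file_owner "$sso")" = "$(id -u)" ] \
        || { echo "FAIL: $sso is not owned by the account running this check"; return 1; }
    case $(file_mode "$sso") in
        *00) ;;   # owner-only modes such as 600, 400, 700
        *)   echo "FAIL: $sso is readable by group or others"; return 1 ;;
    esac
    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' \
        "$tns_admin/sqlnet.ora" \
        || { echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE in $tns_admin/sqlnet.ora"; return 1; }
    echo "OK: $sso is owner-only and sqlnet.ora points the client at it"
    return 0
}

# Stand-alone demonstration on a constructed stand-in (an empty cwallet.sso,
# no Oracle client needed): the check passes at mode 600 and fails at 644.
demo_check() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wallet" && : > "$tmp/wallet/cwallet.sso"
    write_sqlnet_ora "$tmp" "$tmp/wallet"
    chmod 600 "$tmp/wallet/cwallet.sso"
    if check_wallet "$tmp/wallet" "$tmp"; then first=0; else first=1; fi
    chmod 644 "$tmp/wallet/cwallet.sso"
    if check_wallet "$tmp/wallet" "$tmp"; then second=0; else second=1; fi
    rm -rf "$tmp"
    # 0 when both outcomes were as expected.
    [ "$first" -eq 0 ] && [ "$second" -ne 0 ]
}

demo_check
```

In practice the wallet directory belongs to the application's service account with no group or world access, and it is that account, not an administrator's shell, that runs sqlplus or the application. A DBA who can `su` to that account can of course still connect; the store removes the password from config files and from the application's own crypto, it does not remove the need to control who can act as the application's OS user.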
