secure database passwords in an oracle wallet.doc

8/14/2019 Secure Database Passwords in an Oracle Wallet.doc

1/12

DBA Tips Archive for Oracle

Secure Database Passwords in an Oracle Wallet

by Jeff Hunter, Sr. Database Administrator

Contents

Introduction Create Oracle Wallet

Store Database Credentials

Test Database Credentials

ana!e Database Credentials in Wallet

Command"#ine Pro$y Aut%entication

About t%e Aut%or

Introduction

T%e &ractice of writin! scri&ts to automate routine database tas's is common&lace. T%is caninclude database bac'u&s, (T# )obs, or any ty&e of batc% &rocessin! t%at re*uires database

access wit%out user interaction. T%ese scri&ts are ty&ically %eld on t%e filesystem w%ic% de&end

on OS file &ermissions to &rotect t%e security credentials needed to lo! in to t%e database. T%ec%allen!e %as been %ow to ade*uately %ide or obfuscate t%e username and &assword and not

e$&ose t%em in clear te$t and causin! a &otential security breac%. A widely used &ractice %as

been to rely on OS Aut%entication,but startin! wit% Oracle Database +g-elease , a moresim&lified and scalable solution would be to use a Secure External Password Store. T%is

a&&roac% &ro/ides a secure met%od to store database credentials and reduces ris' to security&olicies because t%e usernames and &asswords no lon!er need to be e$&osed in clear te$t. T%is

also a/oids t%e need for t%e D0A or ot%er security administrators to s%are &asswords wit%de/elo&ers and ot%er non administrator users needin! access to t%e database.

T%e secure e$ternal &assword store uses a client"side Oracle Wallet to store one or more user

name1&assword combinations. T%e wallet is encry&ted usin! t%e 2D(S al!orit%m so t%e contentsof t%e wallet are not readable. If t%e wallet is e/er com&romised, t%e database &assword for t%e
http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Introductionhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Create%20Oracle%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Store%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Test%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Manage%20Database%20Credentials%20in%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Command-Line%20Proxy%20Authenticationhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#About%20the%20Authorhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/http://window.history.back%28%29/http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Create%20Oracle%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Store%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Test%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Manage%20Database%20Credentials%20in%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Command-Line%20Proxy%20Authenticationhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#About%20the%20Authorhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Introduction


2/12

user can be c%an!ed and a new wallet can be !enerated t%us renderin! t%e &re/ious wallet

unusable.

T%e best way to en/ision t%e &assword store is as a table wit% t%ree columns3 TNSALIAS,

USERNAME, and PASSWORD. T%e TNSALIASis basically t%e &rimary 'ey t%at ma&s to a sin!le user

name1&assword combination. In most de&loyment scenarios, t%is means creatin! a newTNSALIASentry for eac% stored credential.

TNSALIAS (PK) USERNAME PASSWORD--------------- ---------- -----------TESTDB1 SCOTT TIGERERPDB_APPS APPS APPL3PWDERPDB_GL GL GL3XPWD...

Consider t%e followin! e$am&le w%ere a s%ell scri&t includes a call to S4#5Plus usin! traditional

username1&assword aut%entication3

sqlpls s!"##$#%&'#*s+l%+s

#ac' of ade*uate file system &ermissions in &lace for t%e scri&t e$&oses t%e database credentialsin clear te$t and creates a ma)or security breac%. Wit% a secure e$ternal &assword store in &lace,

t%e abo/e S4#5Plus call could be re&laced wit%3

sqlpls $#*s+l%+s

In t%e abo/e e$am&le, t%e T6S connect strin!, alon! wit% t%e username and &assword aree$tracted from t%e &assword store 7a client"side Oracle wallet8 based on #*s+l%+s. It s%ould be

noted t%at #*s+l%+sin t%e abo/e sqlplscall s%ould not be t%ou!%t of as an actual entry in t%e

#*s*+,'s."+file, but rat%er as a loo'u& 'ey in t%e &assword store. T%at 'ey /alue in t%e

&assword store s%ould, %owe/er, be a resol/able entry in t%e #*s*+,'s."+file. Alt%ou!% t%e

#*s+l%+s/alue used for t%e database lo!in 7$#*s+l%+s8 and t%e entry in t%e &assword store

must be t%e same, it is im&ortant to distin!uis% between t%e two.

Create Oracle Wallet

A client"side Oracle Wallet will be created in t%is section w%ic% will be used for t%e securee$ternal &assword store. Alt%ou!% t%e e$am&les &ro/ided in t%is !uide will be &erformed on a

#inu$ client mac%ine, t%e same &rocedures could be used on a icrosoft Windows client

mac%ine, anot%er database ser/er, or e/en from t%e database ser/er %ostin! t%e tar!et database.

About Oracle Wallet


3/12

An Oracle Wallet is not%in! more t%an a &rotected lo!ical container 7a sin!le file named

'+ll'#.p18 t%at is used for t%e secure e$ternal &assword store. ulti&le wallets may be

created on a mac%ine9 %owe/er, eac% wallet s%ould be contained in its own directory. :sin! awallet for t%e secure e$ternal &assword store is not t%e only use of an Oracle wallet. T%e wallet

can also be used to store encry&ted 'eys needed by t%e Oracle database in order to access SS#

sitesas well as many of t%e more ad/anced security o&tions in Oracle li'e Trans&arent Data(ncry&tion 7TD(8 or P;I Credentials. T%ese ad/anced o&tions are &art of Oracle confi!urations. Oracle

AC=S is cluster file system on to& of AS and &ro/ides new Security features li'e

e$cellent wallet &rotection and se&aration of duties. AC=S is not confi!ured for t%ee$am&le described in t%is !uide and t%erefore will not be used for t%e Oracle wallet.

Add t%e followin! entry to t%e sql*'#."+on your client mac%ine so t%at Oracle 6et 'nows

w%ere to loo' for t%e wallet. T%e location directory for t%e wallet must be an absolute &at%, endwit% ri!%t &arent%eses, and be an e$istin! directory. a'e certain t%at t%ere are no s&aces or

in/isible c%aracters at t%e end of t%e directory &at% as t%is may cause Oracle to not reco!ni?e t%e

directory.

WALLET_LOCATION

(SOURCE (MET/OD 4ILE) (MET/OD_DATA (DIRECTOR5 $21$+pp$"+!l'$p"!#$11..2$67",'_1$*'#"0$+,%*) ) )

S8LNET.WALLET_O9ERRIDE TRUESSL_CLIENT_AUT/ENTICATION 4ALSE
http://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtml


4/12

ADR_BASE $21$+pp$"+!l'NAMES.DIRECTOR5_PAT/ (TNSNAMES)NAMES.DE4AULT_DOMAIN IDE9ELOPMENT.IN4O

In addition to t%e wallet location, s&ecify t%e followin!3

1. (nter t%e S8LNET.WALLET_O9ERRIDE&arameter and set it to TRUEin order to o/erride t%ecurrent aut%entication met%ods and use t%e secure e$ternal &assword store feature.

=or e$am&le, settin! S8LNET.WALLET_O9ERRIDE TRUEcauses all @CONNECT

$6_!"**'!#_s#%*&@ statements to use t%e information in t%e wallet at t%e s&ecified

location to aut%enticate to databases.

T%e default /alue for S8LNET.WALLET_O9ERRIDEis 4ALSE, allowin! standard use of

aut%entication credentials li'e Windows nati/e aut%entication or Secure Soc'ets #ayer

7SS#8 and disablin! t%e secure e$ternal &assword store feature.

6ote3 If an a&&lication uses SS# for encry&tion, t%en t%e sql*'#."+&arameter,

S8LNET.AUT/ENTICATION_SER9ICES, s&ecifies SS# and an SS# wallet is created. If t%is

a&&lication wants to use secret store credentials to aut%enticate to databases 7instead oft%e SS# certificate8, t%en t%ose credentials must be stored in t%e SS# wallet. After SS#

aut%entication, if S8LNET.WALLET_O9ERRIDE TRUE, t%en t%e user names and

&asswords from t%e wallet are used to aut%enticate to databases. If

S8LNET.WALLET_O9ERRIDE 4ALSE, t%en t%e SS# certificate is used.

2. T%e SSL_CLIENT_AUT/ENTICATION&arameter is used to s&ecify w%et%er or not a client is

aut%enticated usin! t%e Secure Soc'ets #ayer 7SS#8. T%e default /alue is TRUE.

3. Alt%ou!% not re*uired for a secure e$ternal &assword store, I s&ecify a default domain int%e sql*'#."+for all T6S entries 7NAMES.DE4AULT_DOMAIN IDE9ELOPMENT.IN4O8.

Create Oracle Wallet

Create a new Oracle wallet in t%e &re/iously s&ecified location by e$ecutin! t%e ,0s#"'

command wit% t%e -!'+#'o&tion.

:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin" -createO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

E*#' p+ss"; **********E*#' p+ss" +&+%*; **********

Alt%ou!% t%e wallet created abo/e is &assword &rotected, it is defined wit% t%e @Auto #o!in@&ro&erty enabled so t%at any connection attem&t by t%e user w%o created t%e wallet is not

re*uired to su&&ly t%e &assword.


5/12

About Auto Login Property

W%en t%e auto lo!in &ro&erty is enabled, it creates an obfuscated co&y of t%e wallet andenables access to ser/ices 7P;I, &assword store, etc.8 wit%out a &assword. W%en auto

lo!in is enabled for a wallet, it is only a/ailable to t%e o&eratin! system user w%o created

t%at wallet. T%e auto lo!in feature for a wallet can be enabled or disabled usin! OracleWallet ana!er.

Somet%in! to note about an Oracle wallet is t%at it can be co&ied to a different mac%ine w%ic%

im&oses a serious ris' to security. A user could create an account on t%eir wor'station wit% t%esame username as t%e wallet owner and obtain access to any of t%e database credentials stored in

t%e wallet wit%out a &assword. In Oracle Database ++g-elease , you can &re/ent t%e auto lo!in

functionality from wor'in! if it is co&ied to anot%er mac%ine by creatin! a 7local8 wallet usin!

t%e "+p0%command, instead of t%e ,0s#"'command.

: orapki wallet create -wallet

"/u01/app/oracle/product/11.2.0/dbhome_1/network/admin" -pwd "myPassword"-auto_login_localO+!l' PKI T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

erify t%e wallet was created. T%e same wallet file names will be created w%et%er t%ey were

created usin! ,0s#"'or t%e "+p0%command.

: ls -l /u01/app/oracle/product/11.2.0/dbhome_1/network/admin#"#+l =-------- 1 "+!l' "%*s#+ll 33 l 2 ; !+ll'#.ss"

-------- 1 "+!l' "%*s#+ll 3F l 2 ; '+ll'#.p1------ 1 "+!l' "%*s#+ll 3 4'6 12 2;31 l%s#'*'."+-- "+!l' "%*s#+ll =2F 4'6 12 2;3 s+,pl's$------ 1 "+!l' "%*s#+ll 2 M+< 11 211 s7'p#.ls#------ 1 "+!l' "%*s#+ll 2F2 l 2 1;2 sql*'#."+------ 1 "+!l' "%*s#+ll 333 l 2 ;=3 #*s*+,'s."+

Since t%e wallet was created wit% t%e auto lo!in functionality, t%e wallet will be e$&orted into afile named !+ll'#.ss". Also, since t%e wallet is &rotected by a &assword, two files will be

created9 namely '+ll'#.p1and !+ll'#.ss".

Oracle RAC

If a wallet is bein! created on t%e nodes in an Oracle -AC confi!uration, t%e wallet s%ould be

confi!ured on all nodes in t%e sql*'#."+file for t%e Database %ome and not t%e Brid

Infrastructure %ome. Alt%ou!% it is &ossible to s&ecify t%e location for t%e wallet in t%e

sql*'#."+for Brid %ome and e/en /erify t%at t%e database credentials wor' from Brid %ome,

t%e cluster database will fail to start3


6/12

: srctl start database -d racdb

PRCR-12 ; 4+%l' #" s#+# 's"!' "+.+!6.6ORA-1; TNS;+ll'# "p'* ?+%l'CRS-21; T7' 's"!' +!#%"* H"+.+!6.6 s#+#H '*!"*#'' #7' ?"ll"%*&'";ORA-1; TNS;+ll'# "p'* ?+%l'. 4" '#+%ls '?' #" H(;CLSN2212;)H %*H$21$+pp$11..2$&%$l"&$+!*"'$+&'*#$!s$"++&'*#_"+!l'$"++&'*#_"+!l'.l"&H.

CRS-F=; S#+# "? "+.+!6.6 "* +!*"' ?+%l'ORA-1; TNS;+ll'# "p'* ?+%l'CRS-21; T7' 's"!' +!#%"* H"+.+!6.6 s#+#H '*!"*#'' #7' ?"ll"%*&'";ORA-1; TNS;+ll'# "p'* ?+%l'. 4" '#+%ls '?' #" H(;CLSN2212;)H %*

H$21$+pp$11..2$&%$l"&$+!*"'1$+&'*#$!s$"++&'*#_"+!l'$"++&'*#_"+!l'.l"&H.

CRS-F=; S#+# "? "+.+!6.6 "* +!*"'1 ?+%l'ORA-1; TNS;+ll'# "p'* ?+%l'CRS-F3; T7'' +' *" ,"' s'@'s #" #< #" pl+!' 's"!' "+.+!6.6 "* #7+# "l s+#%s?< %#s pl+!','*# p"l%! O+!l'. All %&7#s 's'@'.

Us' p++,'#' ?%l's;$21$+pp$"+!l'$p"!#$11..2$67",'_1$*'#"0$+,%*$sql*'#."+

Us' TNSNAMES ++p#' #" 's"l@' #7' +l%+s

A##',p#%*& #" !"*#+!# (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11))(CONNECT_DATA (SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?")))OK (2 ,s'!)

Add Database Credentials to Wallet

After creatin! t%e Oracle wallet 7usin! eit%er ,0s#"'or "+p0%8 and /erifyin! t%e database

connect strin!, e$ecute t%e ,0s#"'command wit% t%e -!'+#'C''*#%+lo&tion to add your

database credentials.

:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin"-create!redential reporting_tool report_user report_user_pwdO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

E*#' +ll'# p+ss"; **********C'+#' !''*#%+l "+!l'.s'!%#


8/12

:sin! S4#5Plus, connect to t%e tar!et database usin! t%e @$#*s+l%+s@ synta$.

: slplus /#reporting_tool

S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* 4% l 2 3;=; 21

C"p 211> O+!l'. All %&7#s 's'@'.

C"**'!#' #";O+!l' D+#+6+s' 11& E*#'p%s' E%#%"* R'l'+s' 11..2.3.2 - F=6%# P"!#%"*W%#7 #7' P+#%#%"*%*&> O+!l' L+6'l S'!%# OLAP> D+#+ M%*%*&+* R'+l Appl%!+#%"* T's#%*& "p#%"*s

S8L show userUSER %s HREPORT_USERHS8L

T%e @$#*s+l%+s@ synta$ uses t%e wallet to loo'u& t%e username and &assword for t%e matc%in!#*s+l%+sand t%en &asses t%ose to t%e database for aut%entication.

If you want to connect to t%e same database, but as a different database user, ma'e anot%er T6S

alias in your #*s*+,'s."+file and add a new entry to t%e wallet. =or e$am&le3

TESTDB1_SCOTT.IDE9ELOPMENT.IN4O (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11)) (CONNECT_DATA

(SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?") ) )

: cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin:mkstore -wrl . -create!redential testdb1_scott scott tigerO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

E*#' +ll'# p+ss"; **********C'+#' !''*#%+l "+!l'.s'!%# D+#+ M%*%*&


9/12

+* R'+l Appl%!+#%"* T's#%*& "p#%"*s

S8L show userUSER %s HSCOTTHS8L

&ava Application

W%en usin! t%e secure e$ternal &assword store in a Ja/a a&&lication, you must use t%e OCI7t%ic'8 JD0C dri/er w%ic% also means you need to install t%e Oracle client software. :se a :-#

similar to t%e followin! w%en connectin! to t%e database3

C"**'!#%"* !"** D%@'M+*+&'.&'#C"**'!#%"*(H6!;"+!l';"!%;$#'s#61_s!"##H)

'anage Database Credentials in Wallet:se t%e ,0s#"'command wit% t%e -l%s#C''*#%+lo&tion to list t%e credentials &resent in

t%e wallet.

:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin"-list!redentialO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

E*#' +ll'# p+ss"; **********

L%s# !''*#%+l (%*'; !"**'!#_s#%*& s'*+,'); #'s#61_s!"## s!"##1; 'p"#%*&_#""l 'p"#_s'

ou can also use t%e ,0s#"'command to modify or delete &assword credentials for e$istin!

wallet entries.

,0s#"' -l +ll'#_l"!+#%"* -,"%?


10/12

database usin! credentials ot%er t%an t%e a&&lication owner but still %a/e t%e same le/el of

access

Solution3 Create a se&arate database account for t%e &ro!ram t%at uses command"line &ro$yaut%entication wit% t%e secure e$ternal &assword store. :sin! t%is met%od, a&&lications can use

traditional &ro$y aut%entication to aut%enticate as an end user 7H-P-OC in t%is e$am&le8 andt%e &ro$y to t%e H- user.

6ote t%at &rior to Oracle Database +g-elease , Oracle &ro$y aut%entication onlywor'ed wit% t%ic' or t%in JD0C connections. In Oracle Database +! -elease , Oracle

introduced command line &ro$y functionality as demonstrated in t%is section.

Start by creatin! t%e database &ro$y user and !rantin! CREATE SESSION&ri/ile!es.

S8L grant create session to hrproc identi$ied by hrproc_password%

G+*# s!!'''.

Alter t%e user H- to enable access t%rou!% t%e new database account.

S8L alter user hr grant connect through hrproc%

Us' +l#''.

Confi!ure t%e wallet and t%e #*s*+,'s."+file startin! wit% t%e T6S alias entry. Add an entry

to t%e #*s*+,'s."+file for t%e &ro$y user.

/RPROC.IDE9ELOPMENT.IN4O (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11)) (CONNECT_DATA (SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?") ) )

Add t%e credentials for t%e &ro$y user to your wallet.

: cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin:mkstore -wrl . -create!redential hrproc hrproc hrproc_passwordO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.

E*#' +ll'# p+ss"; &&&&&&&&C'+#' !''*#%+l "+!l'.s'!%#


11/12

T%e batc% &ro!ram can now aut%enticate as H-P-OC usin! t%e secure e$ternal &assword store

and is allowed to &ro$y t%rou!% t%e H- user3

: slplus '()/#hrproc

S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* T' l = 1=;;32 21

C"p 211> O+!l'. All %&7#s 's'@'.


S8L show userUSER %s H/RHS8L

Alt%ou!% t%e secure e$ternal &assword store was used in t%e &re/ious e$am&le, it is still &ossible

to use t%e traditional username1&assword met%od wit% t%e &ro$y aut%entication functionality. =or

e$am&le3

: slplus hrproc'()/hrproc_password#hrproc

S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* T' l = 1;F;33 21

C"p 211> O+!l'. All %&7#s 's'@'.


S8L show userUSER %s H/RHS8L

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Ja/a De/elo&ment Certified Professional,Aut%or, and an Oracle AC(. Jeff currently wor's as a Senior Database Administrator for T%e

D0A Eone, Inc.located in Pittsbur!%, Pennsyl/ania. His wor' includes ad/anced &erformance

tunin!, Ja/a and P#1S4# &ro!rammin!, de/elo&in! %i!% a/ailability solutions, ca&acity&lannin!, database security, and &%ysical 1 lo!ical database desi!n in a :6I>, #inu$, and

Windows ser/er en/ironment. Jeff


12/12

Administrator and Software (n!ineer for o/er +F years and maintains %is own website site at3

%tt&311www.iDe/elo&ment.info. Jeff !raduated from Stanislaus State :ni/ersity in Turloc',

California, wit% a 0ac%elor

secure database passwords in an oracle wallet.doc

Documents