secure database passwords in an oracle wallet.doc
TRANSCRIPT
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
1/12
DBA Tips Archive for Oracle
Secure Database Passwords in an Oracle Wallet
by Jeff Hunter, Sr. Database Administrator
Contents
Introduction Create Oracle Wallet
Store Database Credentials
Test Database Credentials
ana!e Database Credentials in Wallet
Command"#ine Pro$y Aut%entication
About t%e Aut%or
Introduction
T%e &ractice of writin! scri&ts to automate routine database tas's is common&lace. T%is caninclude database bac'u&s, (T# )obs, or any ty&e of batc% &rocessin! t%at re*uires database
access wit%out user interaction. T%ese scri&ts are ty&ically %eld on t%e filesystem w%ic% de&end
on OS file &ermissions to &rotect t%e security credentials needed to lo! in to t%e database. T%ec%allen!e %as been %ow to ade*uately %ide or obfuscate t%e username and &assword and not
e$&ose t%em in clear te$t and causin! a &otential security breac%. A widely used &ractice %as
been to rely on OS Aut%entication,but startin! wit% Oracle Database +g-elease , a moresim&lified and scalable solution would be to use a Secure External Password Store. T%is
a&&roac% &ro/ides a secure met%od to store database credentials and reduces ris' to security&olicies because t%e usernames and &asswords no lon!er need to be e$&osed in clear te$t. T%is
also a/oids t%e need for t%e D0A or ot%er security administrators to s%are &asswords wit%de/elo&ers and ot%er non administrator users needin! access to t%e database.
T%e secure e$ternal &assword store uses a client"side Oracle Wallet to store one or more user
name1&assword combinations. T%e wallet is encry&ted usin! t%e 2D(S al!orit%m so t%e contentsof t%e wallet are not readable. If t%e wallet is e/er com&romised, t%e database &assword for t%e
http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Introductionhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Create%20Oracle%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Store%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Test%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Manage%20Database%20Credentials%20in%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Command-Line%20Proxy%20Authenticationhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#About%20the%20Authorhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/http://window.history.back%28%29/http://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Create%20Oracle%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Store%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Test%20Database%20Credentialshttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Manage%20Database%20Credentials%20in%20Wallethttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Command-Line%20Proxy%20Authenticationhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#About%20the%20Authorhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_13.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Security/SEC_15.shtml#Introduction -
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
2/12
user can be c%an!ed and a new wallet can be !enerated t%us renderin! t%e &re/ious wallet
unusable.
T%e best way to en/ision t%e &assword store is as a table wit% t%ree columns3 TNSALIAS,
USERNAME, and PASSWORD. T%e TNSALIASis basically t%e &rimary 'ey t%at ma&s to a sin!le user
name1&assword combination. In most de&loyment scenarios, t%is means creatin! a newTNSALIASentry for eac% stored credential.
TNSALIAS (PK) USERNAME PASSWORD--------------- ---------- -----------TESTDB1 SCOTT TIGERERPDB_APPS APPS APPL3PWDERPDB_GL GL GL3XPWD...
Consider t%e followin! e$am&le w%ere a s%ell scri&t includes a call to S4#5Plus usin! traditional
username1&assword aut%entication3
sqlpls s!"##$#%&'#*s+l%+s
#ac' of ade*uate file system &ermissions in &lace for t%e scri&t e$&oses t%e database credentialsin clear te$t and creates a ma)or security breac%. Wit% a secure e$ternal &assword store in &lace,
t%e abo/e S4#5Plus call could be re&laced wit%3
sqlpls $#*s+l%+s
In t%e abo/e e$am&le, t%e T6S connect strin!, alon! wit% t%e username and &assword aree$tracted from t%e &assword store 7a client"side Oracle wallet8 based on #*s+l%+s. It s%ould be
noted t%at #*s+l%+sin t%e abo/e sqlplscall s%ould not be t%ou!%t of as an actual entry in t%e
#*s*+,'s."+file, but rat%er as a loo'u& 'ey in t%e &assword store. T%at 'ey /alue in t%e
&assword store s%ould, %owe/er, be a resol/able entry in t%e #*s*+,'s."+file. Alt%ou!% t%e
#*s+l%+s/alue used for t%e database lo!in 7$#*s+l%+s8 and t%e entry in t%e &assword store
must be t%e same, it is im&ortant to distin!uis% between t%e two.
Create Oracle Wallet
A client"side Oracle Wallet will be created in t%is section w%ic% will be used for t%e securee$ternal &assword store. Alt%ou!% t%e e$am&les &ro/ided in t%is !uide will be &erformed on a
#inu$ client mac%ine, t%e same &rocedures could be used on a icrosoft Windows client
mac%ine, anot%er database ser/er, or e/en from t%e database ser/er %ostin! t%e tar!et database.
About Oracle Wallet
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
3/12
An Oracle Wallet is not%in! more t%an a &rotected lo!ical container 7a sin!le file named
'+ll'#.p18 t%at is used for t%e secure e$ternal &assword store. ulti&le wallets may be
created on a mac%ine9 %owe/er, eac% wallet s%ould be contained in its own directory. :sin! awallet for t%e secure e$ternal &assword store is not t%e only use of an Oracle wallet. T%e wallet
can also be used to store encry&ted 'eys needed by t%e Oracle database in order to access SS#
sitesas well as many of t%e more ad/anced security o&tions in Oracle li'e Trans&arent Data(ncry&tion 7TD(8 or P;I Credentials. T%ese ad/anced o&tions are &art of Oracle confi!urations. Oracle
AC=S is cluster file system on to& of AS and &ro/ides new Security features li'e
e$cellent wallet &rotection and se&aration of duties. AC=S is not confi!ured for t%ee$am&le described in t%is !uide and t%erefore will not be used for t%e Oracle wallet.
Add t%e followin! entry to t%e sql*'#."+on your client mac%ine so t%at Oracle 6et 'nows
w%ere to loo' for t%e wallet. T%e location directory for t%e wallet must be an absolute &at%, endwit% ri!%t &arent%eses, and be an e$istin! directory. a'e certain t%at t%ere are no s&aces or
in/isible c%aracters at t%e end of t%e directory &at% as t%is may cause Oracle to not reco!ni?e t%e
directory.
WALLET_LOCATION
(SOURCE (MET/OD 4ILE) (MET/OD_DATA (DIRECTOR5 $21$+pp$"+!l'$p"!#$11..2$67",'_1$*'#"0$+,%*) ) )
S8LNET.WALLET_O9ERRIDE TRUESSL_CLIENT_AUT/ENTICATION 4ALSE
http://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/PL_SQL/PLSQL_19.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtmlhttp://www.idevelopment.info/data/Oracle/DBA_tips/Automatic_Storage_Management/ASM_50.shtml -
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
4/12
ADR_BASE $21$+pp$"+!l'NAMES.DIRECTOR5_PAT/ (TNSNAMES)NAMES.DE4AULT_DOMAIN IDE9ELOPMENT.IN4O
In addition to t%e wallet location, s&ecify t%e followin!3
1. (nter t%e S8LNET.WALLET_O9ERRIDE&arameter and set it to TRUEin order to o/erride t%ecurrent aut%entication met%ods and use t%e secure e$ternal &assword store feature.
=or e$am&le, settin! S8LNET.WALLET_O9ERRIDE TRUEcauses all @CONNECT
$6_!"**'!#_s#%*&@ statements to use t%e information in t%e wallet at t%e s&ecified
location to aut%enticate to databases.
T%e default /alue for S8LNET.WALLET_O9ERRIDEis 4ALSE, allowin! standard use of
aut%entication credentials li'e Windows nati/e aut%entication or Secure Soc'ets #ayer
7SS#8 and disablin! t%e secure e$ternal &assword store feature.
6ote3 If an a&&lication uses SS# for encry&tion, t%en t%e sql*'#."+&arameter,
S8LNET.AUT/ENTICATION_SER9ICES, s&ecifies SS# and an SS# wallet is created. If t%is
a&&lication wants to use secret store credentials to aut%enticate to databases 7instead oft%e SS# certificate8, t%en t%ose credentials must be stored in t%e SS# wallet. After SS#
aut%entication, if S8LNET.WALLET_O9ERRIDE TRUE, t%en t%e user names and
&asswords from t%e wallet are used to aut%enticate to databases. If
S8LNET.WALLET_O9ERRIDE 4ALSE, t%en t%e SS# certificate is used.
2. T%e SSL_CLIENT_AUT/ENTICATION&arameter is used to s&ecify w%et%er or not a client is
aut%enticated usin! t%e Secure Soc'ets #ayer 7SS#8. T%e default /alue is TRUE.
3. Alt%ou!% not re*uired for a secure e$ternal &assword store, I s&ecify a default domain int%e sql*'#."+for all T6S entries 7NAMES.DE4AULT_DOMAIN IDE9ELOPMENT.IN4O8.
Create Oracle Wallet
Create a new Oracle wallet in t%e &re/iously s&ecified location by e$ecutin! t%e ,0s#"'
command wit% t%e -!'+#'o&tion.
:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin" -createO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
E*#' p+ss"; **********E*#' p+ss" +&+%*; **********
Alt%ou!% t%e wallet created abo/e is &assword &rotected, it is defined wit% t%e @Auto #o!in@&ro&erty enabled so t%at any connection attem&t by t%e user w%o created t%e wallet is not
re*uired to su&&ly t%e &assword.
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
5/12
About Auto Login Property
W%en t%e auto lo!in &ro&erty is enabled, it creates an obfuscated co&y of t%e wallet andenables access to ser/ices 7P;I, &assword store, etc.8 wit%out a &assword. W%en auto
lo!in is enabled for a wallet, it is only a/ailable to t%e o&eratin! system user w%o created
t%at wallet. T%e auto lo!in feature for a wallet can be enabled or disabled usin! OracleWallet ana!er.
Somet%in! to note about an Oracle wallet is t%at it can be co&ied to a different mac%ine w%ic%
im&oses a serious ris' to security. A user could create an account on t%eir wor'station wit% t%esame username as t%e wallet owner and obtain access to any of t%e database credentials stored in
t%e wallet wit%out a &assword. In Oracle Database ++g-elease , you can &re/ent t%e auto lo!in
functionality from wor'in! if it is co&ied to anot%er mac%ine by creatin! a 7local8 wallet usin!
t%e "+p0%command, instead of t%e ,0s#"'command.
: orapki wallet create -wallet
"/u01/app/oracle/product/11.2.0/dbhome_1/network/admin" -pwd "myPassword"-auto_login_localO+!l' PKI T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
erify t%e wallet was created. T%e same wallet file names will be created w%et%er t%ey were
created usin! ,0s#"'or t%e "+p0%command.
: ls -l /u01/app/oracle/product/11.2.0/dbhome_1/network/admin#"#+l =-------- 1 "+!l' "%*s#+ll 33 l 2 ; !+ll'#.ss"
-------- 1 "+!l' "%*s#+ll 3F l 2 ; '+ll'#.p1------ 1 "+!l' "%*s#+ll 3 4'6 12 2;31 l%s#'*'."+-- "+!l' "%*s#+ll =2F 4'6 12 2;3 s+,pl's$------ 1 "+!l' "%*s#+ll 2 M+< 11 211 s7'p#.ls#------ 1 "+!l' "%*s#+ll 2F2 l 2 1;2 sql*'#."+------ 1 "+!l' "%*s#+ll 333 l 2 ;=3 #*s*+,'s."+
Since t%e wallet was created wit% t%e auto lo!in functionality, t%e wallet will be e$&orted into afile named !+ll'#.ss". Also, since t%e wallet is &rotected by a &assword, two files will be
created9 namely '+ll'#.p1and !+ll'#.ss".
Oracle RAC
If a wallet is bein! created on t%e nodes in an Oracle -AC confi!uration, t%e wallet s%ould be
confi!ured on all nodes in t%e sql*'#."+file for t%e Database %ome and not t%e Brid
Infrastructure %ome. Alt%ou!% it is &ossible to s&ecify t%e location for t%e wallet in t%e
sql*'#."+for Brid %ome and e/en /erify t%at t%e database credentials wor' from Brid %ome,
t%e cluster database will fail to start3
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
6/12
: srctl start database -d racdb
PRCR-12 ; 4+%l' #" s#+# 's"!' "+.+!6.6ORA-1; TNS;+ll'# "p'* ?+%l'CRS-21; T7' 's"!' +!#%"* H"+.+!6.6 s#+#H '*!"*#'' #7' ?"ll"%*&'";ORA-1; TNS;+ll'# "p'* ?+%l'. 4" '#+%ls '?' #" H(;CLSN2212;)H %*H$21$+pp$11..2$&%$l"&$+!*"'$+&'*#$!s$"++&'*#_"+!l'$"++&'*#_"+!l'.l"&H.
CRS-F=; S#+# "? "+.+!6.6 "* +!*"' ?+%l'ORA-1; TNS;+ll'# "p'* ?+%l'CRS-21; T7' 's"!' +!#%"* H"+.+!6.6 s#+#H '*!"*#'' #7' ?"ll"%*&'";ORA-1; TNS;+ll'# "p'* ?+%l'. 4" '#+%ls '?' #" H(;CLSN2212;)H %*
H$21$+pp$11..2$&%$l"&$+!*"'1$+&'*#$!s$"++&'*#_"+!l'$"++&'*#_"+!l'.l"&H.
CRS-F=; S#+# "? "+.+!6.6 "* +!*"'1 ?+%l'ORA-1; TNS;+ll'# "p'* ?+%l'CRS-F3; T7'' +' *" ,"' s'@'s #" #< #" pl+!' 's"!' "+.+!6.6 "* #7+# "l s+#%s?< %#s pl+!','*# p"l%! O+!l'. All %&7#s 's'@'.
Us' p++,'#' ?%l's;$21$+pp$"+!l'$p"!#$11..2$67",'_1$*'#"0$+,%*$sql*'#."+
Us' TNSNAMES ++p#' #" 's"l@' #7' +l%+s
A##',p#%*& #" !"*#+!# (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11))(CONNECT_DATA (SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?")))OK (2 ,s'!)
Add Database Credentials to Wallet
After creatin! t%e Oracle wallet 7usin! eit%er ,0s#"'or "+p0%8 and /erifyin! t%e database
connect strin!, e$ecute t%e ,0s#"'command wit% t%e -!'+#'C''*#%+lo&tion to add your
database credentials.
:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin"-create!redential reporting_tool report_user report_user_pwdO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
E*#' +ll'# p+ss"; **********C'+#' !''*#%+l "+!l'.s'!%#
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
8/12
:sin! S4#5Plus, connect to t%e tar!et database usin! t%e @$#*s+l%+s@ synta$.
: slplus /#reporting_tool
S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* 4% l 2 3;=; 21
C"p 211> O+!l'. All %&7#s 's'@'.
C"**'!#' #";O+!l' D+#+6+s' 11& E*#'p%s' E%#%"* R'l'+s' 11..2.3.2 - F=6%# P"!#%"*W%#7 #7' P+#%#%"*%*&> O+!l' L+6'l S'!%# OLAP> D+#+ M%*%*&+* R'+l Appl%!+#%"* T's#%*& "p#%"*s
S8L show userUSER %s HREPORT_USERHS8L
T%e @$#*s+l%+s@ synta$ uses t%e wallet to loo'u& t%e username and &assword for t%e matc%in!#*s+l%+sand t%en &asses t%ose to t%e database for aut%entication.
If you want to connect to t%e same database, but as a different database user, ma'e anot%er T6S
alias in your #*s*+,'s."+file and add a new entry to t%e wallet. =or e$am&le3
TESTDB1_SCOTT.IDE9ELOPMENT.IN4O (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11)) (CONNECT_DATA
(SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?") ) )
: cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin:mkstore -wrl . -create!redential testdb1_scott scott tigerO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
E*#' +ll'# p+ss"; **********C'+#' !''*#%+l "+!l'.s'!%# D+#+ M%*%*&
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
9/12
+* R'+l Appl%!+#%"* T's#%*& "p#%"*s
S8L show userUSER %s HSCOTTHS8L
&ava Application
W%en usin! t%e secure e$ternal &assword store in a Ja/a a&&lication, you must use t%e OCI7t%ic'8 JD0C dri/er w%ic% also means you need to install t%e Oracle client software. :se a :-#
similar to t%e followin! w%en connectin! to t%e database3
C"**'!#%"* !"** D%@'M+*+&'.&'#C"**'!#%"*(H6!;"+!l';"!%;$#'s#61_s!"##H)
'anage Database Credentials in Wallet:se t%e ,0s#"'command wit% t%e -l%s#C''*#%+lo&tion to list t%e credentials &resent in
t%e wallet.
:mkstore -wrl "/u01/app/oracle/product/11.2.0/dbhome_1/network/admin"-list!redentialO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
E*#' +ll'# p+ss"; **********
L%s# !''*#%+l (%*'; !"**'!#_s#%*& s'*+,'); #'s#61_s!"## s!"##1; 'p"#%*&_#""l 'p"#_s'
ou can also use t%e ,0s#"'command to modify or delete &assword credentials for e$istin!
wallet entries.
,0s#"' -l +ll'#_l"!+#%"* -,"%?
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
10/12
database usin! credentials ot%er t%an t%e a&&lication owner but still %a/e t%e same le/el of
access
Solution3 Create a se&arate database account for t%e &ro!ram t%at uses command"line &ro$yaut%entication wit% t%e secure e$ternal &assword store. :sin! t%is met%od, a&&lications can use
traditional &ro$y aut%entication to aut%enticate as an end user 7H-P-OC in t%is e$am&le8 andt%e &ro$y to t%e H- user.
6ote t%at &rior to Oracle Database +g-elease , Oracle &ro$y aut%entication onlywor'ed wit% t%ic' or t%in JD0C connections. In Oracle Database +! -elease , Oracle
introduced command line &ro$y functionality as demonstrated in t%is section.
Start by creatin! t%e database &ro$y user and !rantin! CREATE SESSION&ri/ile!es.
S8L grant create session to hrproc identi$ied by hrproc_password%
G+*# s!!'''.
Alter t%e user H- to enable access t%rou!% t%e new database account.
S8L alter user hr grant connect through hrproc%
Us' +l#''.
Confi!ure t%e wallet and t%e #*s*+,'s."+file startin! wit% t%e T6S alias entry. Add an entry
to t%e #*s*+,'s."+file for t%e &ro$y user.
/RPROC.IDE9ELOPMENT.IN4O (DESCRIPTION (ADDRESS (PROTOCOL TCP)(/OST #'s#*"'1.%'@'l"p,'*#.%*?")(PORT 11)) (CONNECT_DATA (SER9ER DEDICATED) (SER9ICE_NAME #'s#61.%'@'l"p,'*#.%*?") ) )
Add t%e credentials for t%e &ro$y user to your wallet.
: cd /u01/app/oracle/product/11.2.0/dbhome_1/network/admin:mkstore -wrl . -create!redential hrproc hrproc hrproc_passwordO+!l' S'!'# S#"' T""l ; 9's%"* 11..2.3.2 - P"!#%"*C"p 211> O+!l' +*$" %#s +??%l%+#'s. All %&7#s 's'@'.
E*#' +ll'# p+ss"; &&&&&&&&C'+#' !''*#%+l "+!l'.s'!%#
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
11/12
T%e batc% &ro!ram can now aut%enticate as H-P-OC usin! t%e secure e$ternal &assword store
and is allowed to &ro$y t%rou!% t%e H- user3
: slplus '()/#hrproc
S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* T' l = 1=;;32 21
C"p 211> O+!l'. All %&7#s 's'@'.
C"**'!#' #";O+!l' D+#+6+s' 11& E*#'p%s' E%#%"* R'l'+s' 11..2.3.2 - F=6%# P"!#%"*W%#7 #7' P+#%#%"*%*&> O+!l' L+6'l S'!%# OLAP> D+#+ M%*%*&+* R'+l Appl%!+#%"* T's#%*& "p#%"*s
S8L show userUSER %s H/RHS8L
Alt%ou!% t%e secure e$ternal &assword store was used in t%e &re/ious e$am&le, it is still &ossible
to use t%e traditional username1&assword met%od wit% t%e &ro$y aut%entication functionality. =or
e$am&le3
: slplus hrproc'()/hrproc_password#hrproc
S8LJPls; R'l'+s' 11..2.3.2 P"!#%"* "* T' l = 1;F;33 21
C"p 211> O+!l'. All %&7#s 's'@'.
C"**'!#' #";O+!l' D+#+6+s' 11& E*#'p%s' E%#%"* R'l'+s' 11..2.3.2 - F=6%# P"!#%"*W%#7 #7' P+#%#%"*%*&> O+!l' L+6'l S'!%# OLAP> D+#+ M%*%*&+* R'+l Appl%!+#%"* T's#%*& "p#%"*s
S8L show userUSER %s H/RHS8L
About the Author
Jeffrey Hunter is an Oracle Certified Professional, Ja/a De/elo&ment Certified Professional,Aut%or, and an Oracle AC(. Jeff currently wor's as a Senior Database Administrator for T%e
D0A Eone, Inc.located in Pittsbur!%, Pennsyl/ania. His wor' includes ad/anced &erformance
tunin!, Ja/a and P#1S4# &ro!rammin!, de/elo&in! %i!% a/ailability solutions, ca&acity&lannin!, database security, and &%ysical 1 lo!ical database desi!n in a :6I>, #inu$, and
Windows ser/er en/ironment. Jeff
-
8/14/2019 Secure Database Passwords in an Oracle Wallet.doc
12/12
Administrator and Software (n!ineer for o/er +F years and maintains %is own website site at3
%tt&311www.iDe/elo&ment.info. Jeff !raduated from Stanislaus State :ni/ersity in Turloc',
California, wit% a 0ac%elor