Re: Securely getting a password from a custom app into Oracle

From: Sebastian Ghiurca (sebastian.ghiurca@i-u.de)
Date: Tue Aug 06 2002 - 04:21:37 PDT

Next message: Brett.Benderat_private: "Re: Securely getting a password from a custom app into Oracle"

Previous message: Sam Hillaire: "Re: Securely getting a password from a custom app into Oracle"
Next in thread: Brett.Benderat_private: "Re: Securely getting a password from a custom app into Oracle"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks for the mail, but I think you should have forwarded it to the guy
with the problem (Brett) :-)

The solution doesn't quite fit the problem, as Brett said the application 
does not run over http, so servlets are out of question. Since the server 
app does not "speak" SSL, I still think a wrapper like stunnel would
help.

Sebastian

On Mon, Aug 05, 2002 at 06:47:45PM -0400, Chris Reickenbacker wrote:
> Sebastian, this is from a friend of mine. Read below:
> 
> Hello there,
> if he is just making a straight up software application or servlets.  He can
> hide the the username password in a properties file, encrypted.
> 
> That's what I did.  I encrypted the file and the servlet that needed the
> un/pw would decrypt it.  it was easy because the class lived in the same
> directory as the properties file. Also, hiding it on a secure server doubled
> the security.
> 
> I also created a little user interface window to set up this properties file
> initially but that part was easy.  Figuring what encryption you want to use
> is the hard part :)
> 
> I hope this helps!
> 
> Have fun!
> 
> Lori
> 
> 
> -----Original Message-----
> From: Chris Reickenbacker [mailto:Chris.Reickenbackerat_private]
> Sent: Monday, August 05, 2002 5:26 PM
> Subject: FW: Securely getting a password from a custom app into Oracle
> 
> 
> Lori,
> 
> Didnt you do this same thing one time for Brian ? Maybe you can help this
> guy out - he has a name you like at least. =)
> 
> Hope all is well.
> 
> Peace,
> 
> Chris
> 
> -----Original Message-----
> From: Sebastian Ghiurca [mailto:sebastian.ghiurca@i-u.de]
> Sent: Monday, August 05, 2002 4:19 PM
> To: secprogat_private
> Subject: Re: Securely getting a password from a custom app into Oracle
> 
> 
> On Tue, Jul 30, 2002 at 01:47:47PM -0400, bsecat_private wrote:
> > How can programmers securely pass user ids and passwords from their
> > applications into an Oracle database.  I understand that for web based
> > applications they could simply use SSL; however, for client/server
> > applications, are there any good solutions out there?
> >
> > Thanks in advance,
> > Brett
> 
> You can use a SSL wrapper like stunnel. You will probably need a
> SSL library on both ends.
> 
> Sebastian
> 
> 

-- 
#      \/    Sebastian Ghiurca   
#   __,66    IU Campus 11/3/8              mailto:ghiurca[at]gmx.de
#    \\,_O   D-76646 Bruchsal        Phone: 0049-175-3253517 [cell]
#     ~      Germany                        0049-7251-700665 [home]

Next message: Brett.Benderat_private: "Re: Securely getting a password from a custom app into Oracle"
Previous message: Sam Hillaire: "Re: Securely getting a password from a custom app into Oracle"
Next in thread: Brett.Benderat_private: "Re: Securely getting a password from a custom app into Oracle"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 07 2002 - 09:43:01 PDT