On Fri, 15 Mar 1996, Mike Harmon wrote:
> The application folks where I work have a need for a two-way encryption
> program which can be used to protect a 'password' file used by a UNIX
> application. What they're doing is making a connection from a 4GL
> program (Texas Instruments' IEF) to a database (Oracle) for a
> client-server application. In order to connect to the database, they
> have to supply a user ID and password under program control
> (non-interactive).
>
> They told me that they were just going to put the file out there in clear
> text and protect it using UNIX permissions, but I advised them that it
> wouldn't go to production like that. Now they're bugging me to tell them
> how to encrypt it and decrypt it.
>
> This doesn't have to be DOD-type secure, but it needs to be something
> that CRACK can't crack. And it needs to be two-way, because they're
> going to read the file and get the password, decrypt it, and use it to
> log on to the database.
>
> Anyone have any helpful ideas?
That is certainly a sticky one. There are two ways that I know of that you
can connect to an Oracle DB: one, send across a plaintext username and
password; two, have the account set up as an ops$user account so that it
assumes you are already authenticated (e.g. you're already logged in on
a Unix machine and have been authenticated by virtue of that).
We're having a similar problem deciding how users should authenticate
with Oracle from PCs and Macs running a simple Tcl/Tk database front-end
query tool with extensions. The solution I have been contemplating
is to actually have a daemon (separate from Oracle) running on the Oracle
machine that handles the authentication (via secure RPC, Diffie-Hellman,
RSA, whatever) which then passes the queries off to Oracle. Yes, you may
possibly have a bottleneck, but it will work well for us. Then I have
the option of the auth server just accessing Oracle under one account
name and providing the security for me, rather than having to create
a separate Oracle account for every user.
____________________________________________________________________________
Doug Hughes                          Engineering Network Services
System/Net Admin                     Auburn University
doug@eng.auburn.edu
Pro is to Con as progress is to congress
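The question above asks for a "two-way" scheme for a stored database password that a non-interactive program can recover. The following is an added example, not code from either poster, showing the shape such a scheme usually takes when done carefully: the credential is sealed under a key that lives in a separate file which only the service account may read, the ciphertext carries an integrity tag so a modified file is rejected rather than silently decrypted, and the key file's mode is checked before it is trusted. The cipher is a standard-library construction (HMAC-SHA256 in counter mode, encrypt-then-MAC) chosen only so the example runs without third-party packages; the file paths and key-derivation labels are assumptions for the example. The caveat the reply alludes to still applies: anyone who can read both files as the service account can recover the password, which is exactly what moving authentication into a separate daemon with its own credentials is meant to avoid.

```python
"""Constructed example: a recoverable credential file with a separate key file.

Layout on disk (paths are assumptions for the example):
  /etc/app/db.key   -- 32 random bytes, mode 0600, owned by the service account
  /etc/app/db.cred  -- nonce || ciphertext || HMAC tag
"""
import hashlib
import hmac
import os
import secrets

KEY_LEN = 32     # master key size in bytes
NONCE_LEN = 16   # per-file random nonce
TAG_LEN = 32     # SHA-256 HMAC tag


def _subkeys(master: bytes):
    # Derive independent encryption and MAC keys from the master key so the
    # same key bytes are never used for two purposes.
    enc = hmac.new(master, b"credfile-enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"credfile-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 driven by (nonce, counter) used as a stream cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def seal(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(master)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(master: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Raises ValueError on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("credential file is truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(master)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("credential file failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def mode_is_private(st_mode: int) -> bool:
    """True when no group or other permission bits are set (e.g. 0600)."""
    return (st_mode & 0o077) == 0


def write_private(path: str, data: bytes) -> None:
    # Create with 0600 from the start rather than chmod afterwards.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def load_key(path: str) -> bytes:
    """Refuse a key file that other users could read."""
    st = os.stat(path)
    if not mode_is_private(st.st_mode):
        raise PermissionError(f"{path} is readable by group/other; refusing to use it")
    with open(path, "rb") as f:
        key = f.read()
    if len(key) != KEY_LEN:
        raise ValueError("key file has unexpected length")
    return key


if __name__ == "__main__":
    # One-time setup: generate the key and seal the password (constructed sample).
    write_private("db.key", secrets.token_bytes(KEY_LEN))
    write_private("db.cred", seal(load_key("db.key"), b"constructed-sample-password"))
    # At connect time the application recovers the password non-interactively.
    with open("db.cred", "rb") as f:
        print(open_sealed(load_key("db.key"), f.read()).decode())
```

Two points of the design worth noting: the tag is checked with `hmac.compare_digest` before any decryption, so a corrupted or edited `db.cred` produces a clear error instead of a garbage password sent to the database; and `load_key` refuses to proceed if the key file has drifted to a permissive mode, which is the failure the original poster was worried about with a plaintext file.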