|
|
|
|
|
Enhancing Security of Oracle Database Connection
For each database connection (dbsession), a database user (dbuser) and password (dbpassword) used to establish the connection have to be specified:
- Information about database users and their passwords is stored in a configuration file (AuthenticationManager_jaas.config) found in Valuemation installation directory.
- To enable Valuemation unrestricted work with the database, these users have to be granted a full range of database rights.
Having the login data of users with full database rights which are easily accessible to unauthorized parties may be considered potentially hazardous in certain business environments.
Consequently, Valuemation offers two optional methods to enhance the security of database connection parameters used by the application to establish connection to the database:
- Method 1: Database rights provided to the user via an encryption-protected database role
When this method is used, the user connecting to the database (i.e. user whose logon data is stored in the 'AuthenticationManager_jaas.config' file) is by default given only very limited ('harmless') database rights. The full set of rights enabling unrestricted work with Valuemation is then granted to the user via a pre-defined database role. In order to activate this role, the user needs logon data stored in Valuemation in an encrypted form.
- Method 2: Encrypting the 'AuthenticationManager_jaas.config' file
This straightforward method is based on encrypting the entire content of the 'AuthenticationManager_jaas.config' file by a proprietary encryption tool.
Note: Method1 and Method2 can be used in combination.