Our batch programs/scripts have clear-text USERID/PASSWORD embedded in them. The IT audit recommended using Oracle-Wallet to store and hide the passwords.
Now I have set up Oracle-Wallet to store the passwords. For example, if I connect to system/manager, I can now connect as sqlplus /@connect1.
So would that be more risky, in that anyone can connect directly as simply as that at the command line if he/she remembers this connect string?
How can I prevent this easier access?
Your comments are highly appreciated.
Batch programs run in a specific o/s production user account (e.g. prod).
The process in that account was authenticated in some way for running in that account (owner of the executable, owner of the batch scheduler, etc). In other words, another user cannot execute its processes as the prod o/s user. Thus the prod processes are vetted and trusted processes.
As such, it does not make sense for these processes to attempt to authenticate themselves with the database.
What does make sense (as prod is the production o/s user and runs trusted processes), is for the database to trust the prod o/s user (i.e. relegate authentication of prod and prod processes to the o/s kernel).
This is done by creating a schema user in Oracle that uses external authentication, allowing prod processes to create database sessions, without these trusted and vetted processes having to authenticate themselves - as o/s authentication already did that.
Thanks, Billy, for the clear explanation.
What I see as a secure and ideal setup is this:
>We have an HR application.
>All prod tables are created in HR schema.
>Create a role batch_user_role.
>Grant required privileges from HR tables to this role.
>Create a new user batch_user.
>Grant batch_user_role to batch_user.
>The batch_user has a counterpart "batch_user" at OS level.
So this way batch_user has ownership and accountability both on OS and DB, because he has the same username and therefore can be authenticated by single sign-on or ops$.
What I do not understand is the IT Auditor requirement. (Maybe he did not understand what the docs said?)
Or can you validate if this is a valid db security audit of his?
1. Each batch operator must have his own ID at OS level for ownership and accountability. We have 6 batch operators (scott, steve, sam, david, josh, jim) for the daily 3-shift duty.
2. Each of them has his own id at unix/aix. But they will not have userID in the database.
3. They will run the batch scripts/programs that have password-wallet hidden connecting to "batch_user" in the database. So they all share the batch_user.
So which do you think meets the security audit standards?
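
Added example, not part of the original thread: the external-authentication setup described in the answer, written out with the batch_user and batch_user_role names from the reply above. It assumes SQL*Plus run as a DBA, the default OS_AUTHENT_PREFIX of OPS$, and the table names hr.employees and hr.departments, which are placeholders.

```sql
-- Added example; table names are assumed placeholders.

-- 1. Check how OS accounts map to database users.
--    With the default prefix, OS user batch_user maps to OPS$BATCH_USER.
SHOW PARAMETER os_authent_prefix

--    This should be FALSE, so that only the OS of the database host
--    itself is trusted to vouch for a user.
SHOW PARAMETER remote_os_authent

-- 2. Role carrying only the privileges the batch jobs need on HR tables.
CREATE ROLE batch_user_role;
GRANT SELECT, INSERT, UPDATE ON hr.employees TO batch_user_role;
GRANT SELECT ON hr.departments TO batch_user_role;

-- 3. Database user without a database password: the OS authenticates it.
CREATE USER ops$batch_user IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO ops$batch_user;
GRANT batch_user_role TO ops$batch_user;

-- 4. Confirm the account is externally authenticated.
SELECT username, authentication_type, account_status
FROM   dba_users
WHERE  username = 'OPS$BATCH_USER';

-- 5. After connecting with "sqlplus /" from the batch_user OS account
--    on the database host, show which database user and OS user the
--    session was created for.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')          AS db_user,
       SYS_CONTEXT('USERENV', 'OS_USER')               AS os_user,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD') AS auth_method
FROM   dual;
```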