This question is based on my attempt to create an application in R that can pull data in from a remote Oracle database via ODBC, but I doubt the answers will be R specific.
I am trying to create an application that several users will use (that I'll call Reporter). The application will pull data from a remote Oracle database that is used by a Corporate application (that I'll call CorpApp) via an ODBC link. The Reporter app will then process the data and produce reports automatically.
The CorpApp has it's own, built in user authentication, and it doesn't use Oracle user accounts to control access (I assume the CorpApp install includes one set of Oracle User credentials in some secret, binary location that it uses).
As R is a scripted language, at the moment the user credentials I use to authenticate to Oracle are either available in the code, or in a data file that R can understand. Currently I am planning that this app will be an R package, probably as an extension to RCommander.
Are there any good ways to ensure that;
The ODBC driver has Oracle's standard client-server version interoperability, see Support Doc ID 207303.1. For example Instant Client ODBC 19c can connect to Oracle Database 11.2 or later.
Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials.
Start the ODBC test utility by selecting Start > Programs > Oracle > Network Administration > Oracle ODBC Test or by searching your system for the file ODBCTST. EXE and double clicking on the file. Click on the CONNECT button displayed by the ODBC Test utility.
Another possibility is to use an environment variable which your R scripts read via Sys.getenv()
and then insert into the connection string.
Assuming this is from Windows, you can set up the DSN in the Data Sources to store the password information. Also you can allow the user to provide the details at runtime - if they are required by odbcConnect the authentication dialog from the Data Sources set up will come up.
Those options aren't very advanced and they require transferring your questions about security to the operating system, but might be helpful if you've not considered them already.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With