
How to avoid storing credentials to connect to Oracle with JDBC?

Is it possible to set up a JDBC connection to Oracle without providing username/password information in a configuration file (or in any other standard readable location)?

Typically applications have a configuration file that contains setup parameters to connect to a database. Some DBAs have problems with the fact that usernames and passwords are in clear text in config files.

I don't think this is possible with Oracle and JDBC, but I need some confirmation...

A possible compromise is to encrypt the password in the config file and decrypt it before setting up the connection. Of course, the decryption key should not be in the same config file. This will only solve accidental opening of the config file by unauthorized users.

Hans Doggen asked Sep 24 '08 12:09




1 Answer

You may want to try Kerberos, which can use the OS user's credentials, and add the OS user to the database as identified externally. Make sure that you use Kerberos and not the old way of doing this, which had serious security issues.

For Kerberos support you would need the advanced security option and a recent JDBC driver, probably the 11g version. Before trying to get it to work in Java, try it out in SQL*Plus using '/' as username and an empty password. "select user from dual" should give you user@domain. You may also find that there is a fundamental difference between using the thin or OCI driver when it comes to Kerberos configuration.

stili answered Sep 24 '22 03:09
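
The Kerberos login described in the answer above, sketched for the thin driver as an added example (not code from the original answer or from Oracle): the connection properties carry no user name or password, and the answer's `select user from dual` check confirms which account the ticket mapped to. The class name, host, port and service name are placeholders; it assumes the Oracle JDBC driver is on the classpath, the database account is created as identified externally, and a ticket cache already exists for the OS user (for example from `kinit`).

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Properties;

public class KerberosJdbcCheck {
    // Placeholder URL (assumption): replace host, port and service name.
    static final String URL = "jdbc:oracle:thin:@//dbhost.example.com:1521/ORCLSVC";

    /** Connection properties for a Kerberos login; no user or password entry. */
    static Properties kerberosProps(String ticketCachePath) {
        Properties p = new Properties();
        // Oracle thin-driver property names, given here as plain strings.
        p.setProperty("oracle.net.authentication_services", "( KERBEROS5 )");
        // Also require the database service to prove its identity to the client.
        p.setProperty("oracle.net.kerberos5_mutual_authentication", "true");
        if (ticketCachePath != null) {
            // Explicit ticket cache location; otherwise the default cache is used.
            p.setProperty("oracle.net.kerberos5_cc_name", ticketCachePath);
        }
        return p;
    }

    public static void main(String[] args) throws SQLException {
        // Optional first argument: path to the Kerberos ticket cache file.
        Properties props = kerberosProps(args.length > 0 ? args[0] : null);
        try (Connection c = DriverManager.getConnection(URL, props);
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery("select user from dual")) {
            if (!rs.next()) {
                throw new SQLException("identity check returned no row");
            }
            // The answer's check query: the account the Kerberos ticket mapped to.
            System.out.println("Connected as: " + rs.getString(1));
        }
    }
}
```

With this setup the secret that needs protecting is the ticket cache (or keytab) of the OS account, so its file permissions matter in the way the config file's permissions did before.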