Manage Learn to apply best practices and optimize your operations.

Best practices for secure user creation

I have a question regarding best practice for user creation/security within the database. When creating a new application,...

should we design a table containing multiple usernames and corresponding encrypted password in the database i.e. implement application-level security for the application.


Should multiple database level users (like scott etc.) be created i.e. for each application user a corresponding database user is created and database level security be maintained.
There's no substitute for securing the data. Security programmed in the application can still be circumvented by connecting directly to the database (or attempting to). Plus, with one application user that has a superset of all privileges needed by any application user, one breach can allow access to all the database data very easily.

I would establish database accounts for each user, but actually connecting to the database with individual user accounts would eliminate the usefulness of database connection pooling. Plus, you'd incur the overhead of establishing a new database connection each time a user logs in to the application.

I'd investigate the Proxy Authentication mechanism that was created precisely to address this situation. It is not difficult to configure on the database end, but the application will have to connect differently to utilize this feature. The Oracle9i documentation for Proxy Authentication begins here: http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96521/users.htm#17433.

This was last published in April 2004

Dig Deeper on Oracle database security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.