Oracle: Can a user log in without a password

oraclepassword

I'm writing a sqplus-like program. I assume the connect string contains the password if it contains a slash, e.g. scott/tiger or scott/tiger@orcl.

if connect string does not contain "/":
    prompt for password entry

Is there ever a case where a user could have a connect string scott or scott@orcl and not need to be prompted for a password?

Best Answer

Possible solutions:

Use a Secure External Password Store (Oracle Wallet): http://docs.oracle.com/database/121/DBSEG/authentication.htm#CHDHGAIJ

You can use the stored credentials without specifying a username or password. Connection string: /@orcl.

REMOTE_OS_AUTHENT: http://docs.oracle.com/cd/E18283_01/server.112/e17110/initparams208.htm

Not recommended, insecure, mentioned just for completeness, do not use it.

Kerberos Authentication: http://docs.oracle.com/database/121/DBSEG/asokerb.htm

You can use your directory credentials for logging in without specifying your username or password. Connection string: /@orcl.

SSL Authentication: http://docs.oracle.com/database/121/DBSEG/asossl.htm

You own a certificate and you will be authenticated by that, without specifying a username or password. Connection string: /@orcl.

Operating system authentication based on group membership. Works only locally, and for privileged users. Connection string: / as sysdba, / as sysoper, / as sysbackup, / as sysdg, / as syskb.

Related Solutions

How to access the password in SSIS 2005 by VB.NET

Given your symptoms, I believe you have changed your PackageProtectionLevel from the default setting of EncryptSensitiveWithUserKey to DontSaveSensitive This is a good thing in my world view but it does require that you now manage sensitive data.

The hackish approach you are using is to create a password Variable and then use that in an Expression as part of the Connection String. That works but you are now storing a password in clear text which is what the default PackageProtetionLevel was designed to protect against.

Fixing it "right" in my mind would involve storing that password as an external, secured resource. We always used SQL Server configurations in our packages and extended the base table with a column indicating whether this configuration was sensitive or not. In production, we, the developers, only had access to rows that were set as insensitive. The service account which ran all the packages had no such restrictions.

Alternate approaches are to store these configuration values in an XML file, registry key, environment variable or a parent package.

You can also skip the configuration route if you know your packages will only ever be launched through method X (batch file, Agent Job, etc). In that case, simply provide the password as a run-time value to the invoking process and all will be well.

Oracle connection suddenly refused on windows 8

Solved! The issue was LOCAL_LISTENER was not set to orcl. So

SQL> alter system register;

SQL> alter system set LOCAL_LISTENER='(ADDRESS = (PROTOCOL=TCP)(HOST=localhost)(PORT=1521))' scope=both;

did the trick!

Best Answer

Related Solutions

How to access the password in SSIS 2005 by VB.NET

Oracle connection suddenly refused on windows 8

Related Question