How Does the External Password Store Work? - syncsort_capacity_management - 12 - 12.40

Syncsort Capacity Management Installation Guide

Product type
Software
Portfolio
Integrate
Product family
Syncsort
Product
Syncsort Capacity Management
Version
12.40
Language
English
Product name
Syncsort Capacity Management
Title
Syncsort Capacity Management Installation Guide
Topic type
How Do I
Copyright
2023
First publish date
1985

Typically, users (including applications, batch jobs, and scripts) connect to databases by using a standard CON­NECT statement that specifies a database_connect_string. This string can include a user name and pass­word, and an Oracle Net service name identifying the database on an Oracle network. For example, the service name could be the URL that uniquely identifies that database, or a TNS alias you entered in the tnsnames.ora file in the database. Another possibility is a host:port:sid string.

The following examples are standard CONNECT statements that could be used for a client that is not config­ured to use the external password store:

connect salesapp/2Ip6Cg8@sales_db.us.acme.com

or

connect salesapp/2Ip6Cg8@ORASALES

or

connect salesapp/2Ip6Cg8@ourhost37:1527:DB17

In these examples, salesapp is the user name and 2Ip6Cg8 is the password, with the unique connect string for the database shown as specified in three different ways. You could use its URL sales_db.us.acme.com, or its TNS alias ORASALES from the tnsnames.ora file, or its host:port:sid string.

However, when clients are configured to use the secure external password store, applications can connect to a database with the following CONNECT statement syntax, without specifying database login credentials:

connect /@db_connect_string

where db_connect_string is a valid connect string to access the intended database, such as the service name, URL, or alias as illustrated in the earlier examples.

In this case, the database credentials, username and password, are securely stored in an Oracle wallet created for this purpose. The auto login feature of this wallet is turned on so the system does not need a password to open the wallet. From the wallet, it gets the credentials to access the database for the user they represent.

See also: The Oracle Database Advanced Security Administrator’s Guide for information about auto login wallets.