Stored procs vs. direct SQL, password confidentiality

Stored procs vs. direct SQL, password confidentiality

Postby labate » Thu 07 Sep 2006 09:28

Hi,

Do you see any argument in favor or against usage of a stored procedure vs. direct SQL in code with CoreLab library?

Performance?
Database user confidentiality (db user is only authorized to call stored procs, etc.) ?

My boss is very paranoiac about db user password confidentiality. Has someone already implemented a way to have the username/pwd fields encrypted in an external config file and decrypted in code to be used to connect to a DB?

Thanks.
Adriano Labate
labate
 
Posts: 48
Joined: Tue 17 Jan 2006 13:57
Location: Switzerland, Sion

Postby Alexey » Thu 07 Sep 2006 10:46

Regarding database user confidentiality we cannot give you any advices. Please refer to Oracle server documentation.
Regarding performance, OraDirect works quickly with both stored procedures and direct SQL statements.
Password to be tranferred to ConnectionString one may take anywhere he/she wants.
We do not support this possibility because of great number of the different methods of storage.
Password is transmitted via network in the encrypted state. Oracle takes care about this itself.
Alexey
 
Posts: 2756
Joined: Mon 13 Mar 2006 07:43


Return to dotConnect for Oracle