Stored procs vs. direct SQL, password confidentiality

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for Oracle
Post Reply
Posts: 48
Joined: Tue 17 Jan 2006 13:57
Location: Switzerland, Sion

Stored procs vs. direct SQL, password confidentiality

Post by labate » Thu 07 Sep 2006 09:28


Do you see any argument in favor or against usage of a stored procedure vs. direct SQL in code with CoreLab library?

Database user confidentiality (db user is only authorized to call stored procs, etc.) ?

My boss is very paranoiac about db user password confidentiality. Has someone already implemented a way to have the username/pwd fields encrypted in an external config file and decrypted in code to be used to connect to a DB?

Adriano Labate

Posts: 2756
Joined: Mon 13 Mar 2006 07:43

Post by Alexey » Thu 07 Sep 2006 10:46

Regarding database user confidentiality we cannot give you any advices. Please refer to Oracle server documentation.
Regarding performance, OraDirect works quickly with both stored procedures and direct SQL statements.
Password to be tranferred to ConnectionString one may take anywhere he/she wants.
We do not support this possibility because of great number of the different methods of storage.
Password is transmitted via network in the encrypted state. Oracle takes care about this itself.

Post Reply