Paul has made a nice post on his blog about the use of the secure external password store and specifically he has compared the use of a Wallet to that of storing a password in a text file (such as a script) and what the benefit is in terms of using a wallet generated and managed by Oracle to that of simply using a file. The conclusion is that they are very similar because the weak point is file permissions. Paul has shown how you can use secure external password store and create a wallet on one machine and then copy the wallet to another and simply use it to connect to a remote database without knowledge of the password.
Paul's article is called "Oracle Wallet AUTO LOGIN ~ common misconception corrected" - the common misconception is that the wallet is tied to the machine or user its create on/for - It is not!
Also for background reading Tim has an excellent paper on http://www.oracle-base.com/articles/10g/SecureExternalPasswordStore_10gR2.php - (broken link) how to use Secure External password store here.
Nice paper Paul!
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Java forensics and Apps Security (twice)"] [Next entry: "10g and 11g PL/SQL Unwrapper source code available"]
