Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials.
This wallet usage can simplify large-scale deployments that rely on password credentials for connecting to databases.
When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords.
Risk is reduced because such passwords are no longer exposed in the clear, and password management policies are more easily enforced without changing application code whenever user names or passwords change.
A. The first step is to configure the client to use the External Password Store
1) Create a wallet on the client. In this case the Forms server is the client for the Database.
mkstore -wrl <wallet_location> -create
2) Create database connection credentials in the wallet
mkstore -wrl <wallet_location> -createCredential <db_connect_string> <username> <password>
3) In the client sqlnet.ora file, enter the WALLET_LOCATION parameter and set it to the directory location of the wallet you created in Step 1.
Enter also the SQLNET.WALLET_OVERRIDE parameter and set it to TRUE
(METHOD = FILE)
(METHOD_DATA = (DIRECTORY = /home/oracle/pstore))
SQLNET.WALLET_OVERRIDE = TRUE
This setting causes all CONNECT /@db_connect_string statements to use the information in the wallet at the specified location to authenticate to databases.
4) With the external password store configured, test a connection from SQL*Plus
B. The second step is to adapt the Forms code to connect and use the External Password Store
One way is to use the LOGON procedure in Forms and send the username and password as parameters
This could be added in the ON-LOGON trigger at the Form level to connect with <username>/<password>@<db_connect_string> when the Forms starts.
For more details consult note 2066617.1: How to Connect from Forms to Database with Secure External Password Store (SEPS)?