
Proactive insights, news and tips from Oracle Fusion Middleware Support. Learn Oracle from Oracle.

How to use Secure External Password Store with Oracle Forms

Alexandra David
Principal Technical Support Engineer

Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials.
This wallet usage can simplify large-scale deployments that rely on password credentials for connecting to databases.
When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords.
Risk is reduced because such passwords are no longer exposed in the clear, and password management policies are more easily enforced without changing application code whenever user names or passwords change.

A. The first step is to configure the client to use the External Password Store

1) Create a wallet on the client. In this case the Forms server is the client for the Database.

Syntax example:

  mkstore -wrl <wallet_location> -create

2) Create database connection credentials in the wallet

Syntax example:

  mkstore -wrl <wallet_location> -createCredential <db_connect_string> <username> <password>

3) In the client sqlnet.ora file, enter the WALLET_LOCATION parameter and set it to the directory location of the wallet you created in Step 1.
Also enter the SQLNET.WALLET_OVERRIDE parameter and set it to TRUE.

Example:
WALLET_LOCATION =
    (SOURCE =
       (METHOD = FILE)
       (METHOD_DATA = (DIRECTORY = /home/oracle/pstore))
    )

SQLNET.WALLET_OVERRIDE = TRUE

This setting causes all CONNECT /@db_connect_string statements to use the information in the wallet at the specified location to authenticate to databases.

4) With the external password store configured, test a connection from SQL*Plus

Syntax example:

$ORACLE_HOME/bin/sqlplus /@<db_connect_string>
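
If the test connection in step 4 fails, the client-side settings from steps 1 to 3 can be checked with a small script. The following is an added example, not part of the original post and not an Oracle tool: the function name check_seps_config is hypothetical, and the owner-only permission check is an added hardening assumption (the wallet is assumed to be owned by the OS account that runs the Forms runtime).

```sh
#!/bin/sh
# Added example: audit a client sqlnet.ora and the wallet it points to.
# check_seps_config is a hypothetical helper name, not an Oracle utility.
check_seps_config() {
    sqlnet_ora=$1
    rc=0
    [ -r "$sqlnet_ora" ] || { echo "FAIL: cannot read $sqlnet_ora"; return 1; }

    # Strip comments and all whitespace: parameters may span several lines.
    # (Assumption: the wallet path itself contains no spaces.)
    flat=$(sed 's/#.*//' "$sqlnet_ora" | tr -d ' \t\r\n')

    # Without WALLET_OVERRIDE = TRUE, "/@alias" connects do not use the wallet.
    if ! printf '%s\n' "$flat" | grep -qi 'SQLNET\.WALLET_OVERRIDE=TRUE'; then
        echo "FAIL: SQLNET.WALLET_OVERRIDE is not TRUE"; rc=1
    fi

    # Pull DIRECTORY out of WALLET_LOCATION, matching keywords in any case.
    dir=$(printf '%s\n' "$flat" | awk '{
        u = toupper($0); w = index(u, "WALLET_LOCATION=")
        if (!w) exit
        d = index(substr(u, w), "(DIRECTORY=")
        if (!d) exit
        rest = substr($0, w + d + 10); sub(/\).*/, "", rest); print rest }')
    if [ -z "$dir" ]; then
        echo "FAIL: WALLET_LOCATION has no DIRECTORY"; return 1
    fi
    if [ ! -f "$dir/cwallet.sso" ]; then
        echo "FAIL: no cwallet.sso in $dir"; return 1
    fi

    # The auto-login wallet opens without a password, so anyone who can read
    # the file can use the stored credentials: allow the owner only.
    for p in "$dir" "$dir/cwallet.sso" "$dir/ewallet.p12"; do
        [ -e "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c5-10)      # group + other permission bits
        if [ "$mode" != "------" ]; then
            echo "FAIL: $p is accessible to group/other ($mode)"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: wallet at $dir"
    return "$rc"
}
```

Call it as check_seps_config <path to sqlnet.ora>; it returns 0 only when the override is set, the wallet directory resolves, and nothing in it is accessible to group or other.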

B. The second step is to adapt the Forms code to connect and use the External Password Store

One way is to call the LOGON procedure in Forms, passing /@<db_connect_string> as the username parameter and NULL as the password parameter, for example:
 LOGON('/@db001', NULL);

This can be added to the ON-LOGON trigger at the form level to connect with <username>/<password>@<db_connect_string> when the form starts.

For more details consult note 2066617.1: How to Connect from Forms to Database with Secure External Password Store (SEPS)?
