Oracle Data Source - potential "security hole"

Oracle Data Source - potential "security hole"

Post by Paul Hodgso » Fri, 02 Nov 2001 19:11:58



Hi,

I've been evaluating Analysis Services, and have a issue
with regards to using Oracle 8i as a datasource. When
specifying the OLE DB provider information, if the "save
password" option is checked, then the database username
and password are saved unencrypted in the Analysis Manager
Repository. This could pose as a problem!

I would just like to know a couple of things. Firstly,
would I be right in assuming that the Analysis Manager
Repository is in fact the same as the server repository
(which I have migrated from the Access database to Meta
Data Services Format in the recommended 'msdb' database)?
Secondly, is there any way around this issue? I.e. a way
to encrypt the data, or any other way? Thirdly, does
anybody else see this as an issue, or am I merely being
paranoid?!

Any information about the subject will be greatfully
recieved, as the info currently available seems to be
rather sparse! Any information pertaining to the
Repository, and the issue raised.

Thank you for reading, and thanks for any help you may be
able to give.

Paul Hodgson.

 
 
 

Oracle Data Source - potential "security hole"

Post by Dennis Redfiel » Fri, 02 Nov 2001 21:41:26


A recommendation:  DO NOT USE the Meta Data Format - instead migrate from
MDB to the "native" format (aka v7 format).
On your other issues:
"the Analysis Manager Repository is in fact the same as the server
repository "
TRUE

"the database username and password are saved unencrypted"
SEEMS TO BE TRUE
"am I merely being  paranoid?!"
How Safe Is Your Database? Does the government send messages to you through
filling in your teeth?


Quote:> Hi,

> I've been evaluating Analysis Services, and have a issue
> with regards to using Oracle 8i as a datasource. When
> specifying the OLE DB provider information, if the "save
> password" option is checked, then the database username
> and password are saved unencrypted in the Analysis Manager
> Repository. This could pose as a problem!

> I would just like to know a couple of things. Firstly,
> would I be right in assuming that the Analysis Manager
> Repository is in fact the same as the server repository
> (which I have migrated from the Access database to Meta
> Data Services Format in the recommended 'msdb' database)?
> Secondly, is there any way around this issue? I.e. a way
> to encrypt the data, or any other way? Thirdly, does
> anybody else see this as an issue, or am I merely being
> paranoid?!

> Any information about the subject will be greatfully
> recieved, as the info currently available seems to be
> rather sparse! Any information pertaining to the
> Repository, and the issue raised.

> Thank you for reading, and thanks for any help you may be
> able to give.

> Paul Hodgson.


 
 
 

1. "Error Configuring Data Source"

I'm getting this error message from a third party program that is hitting a
SQL database. I have checked the configuration in the ODBC settings. That
connection is working ok. Any clues about this message? I know it's pretty
vague, but I've tried about everything. Even the support for the third party
program have been pretty unhelpful. Thanks.

Randy

2. double conversion with ESQL/C on Linux

3. "Invalid data source" with DataReport

4. RedHat 6.0 and IDS 7.30UC7

5. "Data source name too long" exception

6. SQLBulkInsert

7. help - "data source name not found"

8. whats happened to inspdver in 8i ?

9. "Data source not found" message

10. max of ("...","...","..")

11. "C/C++ SOURCE CODE"

12. DTS with "dynamic" source schema

13. Recordset and Oracle "Number" Data Type