Secure External Password Store
The Oracle secure external password store (SEPS) enhances application security by eliminating the need to store clear-text database account passwords in scripts or other tools that access the database without user interaction, for example batch processes that run over night.
Introduced with Oracle Database 10g Release 2, SEPS has become increasingly popular as a means of increasing the security of existing applications. The primary benefit of SEPS is hiding the password from the operating system process list. Prior to SEPS being introduced it was possible to simply do a process listing on the operating system level to search for passwords used by CRON jobs and other batch processes associated with application processing.
The following example shows a connection to the database from the operating system command line using Oracle SQL*Plus. The user name, password, and connection alias are specified.
Using SEPS, the user name and password can be removed from the statement:
An additional benefit of SEPS comes in the form of password rotation. Using SEPS, changes to hard coded connection strings can be eliminated since the password is stored centrally and updated only once in the SEPS.
For more details, including the command-line proxy feature, see the technical white paper.