I am new to development and learning through lot of youtube videos and oracle documentation. I have a question for which I was not able to find a solution online and was hoping someone could help answer it here..
I want to use oracle free tier cloud based autonomous transactional database and create the rest api on it using the below url as a reference.
However my question is if I create a web app where I can get the user to create account using username and password, what is the best practice to store the data and retrive for auth in the oracle database for auth user.
Is there a credentials table where I can store all the username and password details or should I use a encypted table.
Also, Can someone please help advise how to create sql post method query to retrieve the user creds for validation.
Thank you for all your guidence.
Thank you!
In the database you have a schema - this is the collection of objects -
these are owned by a USER. A database user and schema in Oracle are largely synonymous and a user will have a password.
You then also have your application. Your application most likely also has users. These are completely different users than what you have in the database.
Now, your application COULD use database authentication, but that's highly not recommended. Why? Because then your application users could also theoretically go directly into the database.
It's not clear by your question if you're asking how to manage database usernames and passwords in general or if you mean in terms of your application.
For your application, we recommend you use either our OAuth2 workflows to secure your REST APIs, or you build your own authentication system...for example you could control access to your APIs in the Oracle Cloud using the API Gateway Service.
For managing passwords in the database, you should most definitely NOT store those in a table somewhere. THe user when they get their password, should securely manage that as they would the password to their online banking system.
The web interface we have would work just fine with online password managers like LastPass, but I'm not personally advocating or saying that would be good for your scenario.
Running SQL to find out someone's password isn't really what we do in Oracle. Either you already know it, or you change the password to something so that you definitely know it.