I have a Windows Form Desktop Application that uses odp.net to connect to an Oracle Database. The app has multiple users connecting to the same schema (the schema store a table of users for the app).
The app is installed on every client machine, Windows 7, 8, 10, and 11 desktops. (more than five hundred's in different locations and companies)
Here is a sample code to open a connection:
var connString = "Data Source=XE;User ID=ABC;Password=pass123";
using (var conn = new OracleConnection(connString))
{
conn.Open();
Console.WriteLine("Connected to Oracle" + conn.ServerVersion);
}
The problem is if someone disassembles the code, using tools like JetBrains dotPeek, They will be able to read the user and key for the database.
I got success by using an oracle wallet to store my password out of app code, but the wallet is a problem too since anyone who got access to the client machine can easily connect to my oracle database.
How can I safely connect? or safely store my oracle credentials? Is there a kind of oAuth API that returns a temporary connection key to my DB?
Why don't you use
Integrated Security=truein the connection string and let the DBA handle Users authentication