Jonathan Quinn wrote:
1) Storing passwords in plain-text on disk is never a good idea
2) Saving the password in the connection file and moving the connection file into a location that only authorized users can access is a good idea
3) Not saving the password in the connection file and requiring users to enter the password can help make sure even if someone does access the connection file, they can't open the database. This doesn't work with batch/automated jobs
4) Using OS authentication, (Connect to Oracle from ArcGIS—Help | ArcGIS Desktop, Authenticating Database Users with Windows), is a good solution as the credentials are pulled from the user running the process connecting through the connection file, (ArcMap, scheduled task through a batch file, ArcGIS Server).
1) Yep, I could not agree more... I think our system needs to change.
2) This is how we did in my last job that had an enterprise GIS system. I have only been in my new role for a few months. I am no security expert, so when I saw this GIS batch job setup I thought I was potentiality missing some flaw in the arcgis DBA connection file model.
3) We have this setup for every day admin tasks.
4) Everyone, save GIS admins, use OSA only.
Thanks for the input. I am going to suggest a change to the team...