http://www.perlmonks.org?node_id=930701

hmadhi has asked for the wisdom of the Perl Monks concerning the following question:

I need to connect to an Oracle Database, but I am not allowed to hard code the username/password into my Perl script. This is for security reasons. What are my alternatives?

Re: DBD::Oracle Connecting to a database without hard coding username/password
by BrowserUk (Patriarch) on Oct 11, 2011 at 00:54 UTC
    What are my alternatives?

    Arguably the best method of DB authentication is to instruct the DBM to use the OS to authenticate users.

    See here for Oracle.

    If the script(s) in question are to be used by a large number of users, then combining OS authentication with controlling visibility of the scripts through file system ACLs is a convenient mechanism. You place the scripts on shared media owned by a particular group and then give authorised users membership of that group.

    The exact steps required will depend upon your DB and OS. The best place to look is the relevant documentation.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
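
The OS-authentication approach from the reply above, as an added example that is not part of the original thread. It assumes a local instance reachable through ORACLE_HOME and ORACLE_SID, an externally identified account already created by the DBA (the account name in the comment is constructed), and a database version that exposes the AUTHENTICATION_METHOD attribute of USERENV.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: the DBA has created an externally identified account for the
# OS user that runs this script, for example (constructed name, using the
# default OS_AUTHENT_PREFIX of OPS$):
#   CREATE USER ops$jdoe IDENTIFIED EXTERNALLY;
#   GRANT CREATE SESSION TO ops$jdoe;

# OS authentication as shown here uses no connect string, so the local
# instance must be selected through the environment.
for my $var (qw(ORACLE_HOME ORACLE_SID)) {
    die "$var is not set\n" unless defined $ENV{$var} && length $ENV{$var};
}

# User '/' with an empty password asks Oracle to identify the session from
# the operating-system account. No credential is stored in the script.
my $dbh = DBI->connect('dbi:Oracle:', '/', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 0 });

# Ask the database how this session was authenticated and fail closed if it
# was anything other than the operating system.
my ($db_user, $os_user, $method) = $dbh->selectrow_array(q{
    SELECT SYS_CONTEXT('USERENV', 'SESSION_USER'),
           SYS_CONTEXT('USERENV', 'OS_USER'),
           SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')
      FROM dual
});

unless (defined $method && $method eq 'OS') {
    $dbh->disconnect;
    die "Refusing to continue: session was not OS-authenticated\n";
}

print "Connected as $db_user (OS user $os_user) via $method authentication\n";

# ... application queries go here ...

$dbh->disconnect;
```

Who may run the script is then decided by OS account and group membership, which is where the file system ACLs mentioned in the reply come in.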
Re: DBD::Oracle Connecting to a database without hard coding username/password
by roboticus (Chancellor) on Oct 11, 2011 at 00:34 UTC

    hmadhi:

    There are multiple ways to do it. You could prompt the user for the information, store it in the registry (if it's Windows), store it elsewhere, ...

    However, if you want to pass security audits in your company, you ought to find out what everyone else is doing, and do it the same way (if possible). That way you won't have a username/password sitting out there in a non-standard location ready to bite some poor maintenance programmer at some future time.

    ...roboticus

    When your only tool is a hammer, all problems look like your thumb.

Re: DBD::Oracle Connecting to a database without hard coding username/password
by Anonymous Monk on Oct 11, 2011 at 01:04 UTC

    Hi,

    Ask your security people, they will tell you the acceptable ways to do it.

    J.C.

      What if your security people aren't sure either? I think if you have practices in place at your company how to do it, that's great, but there are definite cases, including new systems, where there is no standard. -theleftsock