| 摘要 |
A SAN management application stores a password file in a secure repository inside a database to which the stored passwords provide access. A separate database account (i.e. login) is created to afford access to the password repository. The password repository, typically a database table or file, is stored in a secure area accessible only by the specialized password account. A separate password, or access token, is employed for access to the password repository account. Executable entities, such as processes of the management application, are encoded with the password, or access token, to the password repository account. From the password account, the password repository provides availability to the stored passwords for specific privileged access by designated processes. In this manner, a dual level authorization is provided to privileged database operations, and corresponding logic embedded in particular processes authorized to traverse both levels.
|
