Hi,

I want to establish a system to manage web application password. Because our web applications are used by more than 10000 user, each application has one oracle account per oracle role and the users use "application account" to log in.

To connect to the database, we look for a generic account information in a XML file. This account has restricted privileges. The user use his application account to login. The application use the generic account to retreive the role of the user (saved in a user table) and use the appropriate oracle account to set the proper privleges.

The account information of those users are saved in a XML file. The password are encrypted in the file and the application decrypt the password before connecting to the database(using the generic account).

There is a simpler and more effective way to do this kind of web users management?

Thanks