Jon,
This is one of the options we have talked about. This
will require the vendor to do a bit of progamming. But
since they havent provided any security to this point,
it is the least they can do.
I'm just wondering if anyone has any ideas we can use
as a stop gap until the app is changed.
Thanks again for your help, Jon.
Larry Hahn
DB Manager
Journal Sentinel, Inc.
- Jon Walthour <jonw_at_fuse.net> wrote:
> Larry:
>
> Upon rereading your post (this time with my eyes
> open!), I see your
> problem. Hmm. I worked with a developer who did
> something like this. I
> don't know all the details, but I seem to recall
> that he didn't put the
> password in the DSN for the ODBC connection, but
> rather encrypted it in
> an .ini file that the app decrypted and used to log
> into the database.
> That way, the users couldn't use the ODBC connection
> with that userid
> outside of the app. That may not be an option for
> you here, but that's
> about all I can think of as an alternative.
>
> Jon Walthour
> -----Original Message-----
> Sent: Tuesday, August 21, 2001 3:36 PM
> To: Multiple recipients of list ORACLE-L
>
>
> Jon,
>
> Thanks for the response. But these users still need
> to
> do updates through the app. I only want to keep them
> from doing updates from outside the app.
>
> Larry
> --- Jon Walthour <jonw_at_fuse.net> wrote:
> > Create another user with select privileges only on
> > the objects in the app's schema. Give that one to
> > them and then change the password on the original
> > app id so they won't be able to use that one
> > anymore.
> >
> > Jon Walthour
> > >
> > > From: Larry Hahn <lhahn_60_at_yahoo.com>
> > > Date: 2001/08/21 Tue AM 11:21:04 EDT
> > > To: Multiple recipients of list ORACLE-L
> > <ORACLE-L_at_fatcity.com>
> > > Subject: User access within/outside of app
> > >
> > > List,
> > >
> > > We have purchased a system where users login
> > through
> > > an ODBC connection using a generic Oracle
> userid.
> > This
> > > userid has full rights to do insert, update,
> > delete,
> > > select on any table in the schema. The app asks
> > for
> > > another username and password which checks the
> > > application security table, which limits what
> > areas of
> > > the apps they can access.
> > >
> > > Although this may work fine for the app, the
> users
> > > also have the ability to use Access and other
> ODBC compliant
> > > programs to look at the data. When doing
> > so,
> > > they use the same ODBC DSN and, what do you
> know,
> > they
> > > have capabilities beyond their wildest
> > imagination.
> > >
> > > This is obviously not a situation I want to
> > implement.
> > > I am looking for a way to allow a user into the
> > app to
> > > do their normal work, but only allow read access
> > for
> > > anything outside the app.
> > >
> > > Any suggestions or ideas would be more than
> > welcome.
> > >
> > > Thanks,
> > >
> > > Larry Hahn
> > > Journal Sentinel, Inc.
> > >
> > >
> __________________________________________________
> > > Do You Yahoo!?
> > > Make international calls for as low as
> $.04/minute
> > with Yahoo! Messenger
> > > http://phonecard.yahoo.com/
> > > --
> > > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > > --
> > > Author: Larry Hahn
> > > INET: lhahn_60_at_yahoo.com
> > >
> > > Fat City Network Services -- (858) 538-5051
> > FAX: (858) 538-5051
> > > San Diego, California -- Public Internet
> > access / Mailing Lists
> > >
> >
>
> > > To REMOVE yourself from this mailing list, send
> an
> > E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > > the message BODY, include a line containing:
> UNSUB
> > ORACLE-L
> > > (or the name of mailing list you want to be
> > removed from). You may
> > > also send the HELP command for other information
> > (like subscribing).
> > >
> >
> >
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author: Jon Walthour
> > INET: jonw_at_fuse.net
> >
> > Fat City Network Services -- (858) 538-5051
> FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
>
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be
> removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
>
>
> =====
> Larry Hahn
> DBA
> Journal Sentinel,Inc
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute
> with Yahoo! Messenger
> http://phonecard.yahoo.com/
> --
> Please see the official ORACLE-L FAQ:
> http://www.orafaq.com
> --
> Author: Larry Hahn
> INET: lhahn_60_at_yahoo.com
>
> Fat City Network Services -- (858) 538-5051 FAX:
> (858) 538-5051
> San Diego, California -- Public Internet
> access / Mailing Lists
>
> To REMOVE yourself from this mailing list, send an
> E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of
> 'ListGuru') and in the
> message BODY, include a line containing: UNSUB
> ORACLE-L (or the name of
> mailing list you want to be removed from). You may
> also send the HELP
> command for other information (like subscribing).
>
>
> --
> Please see the official ORACLE-L FAQ:
> http://www.orafaq.com
> --
> Author: Jon Walthour
> INET: jonw_at_fuse.net
>
> Fat City Network Services -- (858) 538-5051 FAX:
> (858) 538-5051
> San Diego, California -- Public Internet
> access / Mailing Lists
>
> To REMOVE yourself from this mailing list, send an
> E-Mail message
>
=== message truncated ===
Larry Hahn
DBA
Journal Sentinel,Inc
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Larry Hahn
INET: lhahn_60_at_yahoo.com
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Tue Aug 21 2001 - 23:05:31 CDT