
Re: Preventing logins from applications

From: Joe Testa <teci_at_the-testas.net>
Date: Tue, 28 Aug 2001 03:45:17 -0700
Message-ID: <F001.00379555.20010828035020@fatcity.com>

We have prevented DML, but not selects; we didn't much care about selects, but changes were not allowed except thru the app.

We used the procedures set_client_info and read_client_info, which are part of the dbms_application_info package. Here is the 10 second guide to implementation:

This assumes you can alter the app.

  1. Your app, upon login to the database, calls set_client_info with some "key"; it can be 40 bytes and we usually made it 40 random characters.
  2. A table exists with one or more "valid key".
  3. A before insert, update, delete trigger exists on every table that you want to have security on. It reads the client info (via the read_client_info proc) and compares it to the legal values in the "valid key" table. If it matches, drop out of the trigger; if it does not match, raise an exception stating invalid appl for updates, notify.......
  4. We used this not only as a way to make sure only certain apps could update, but when we put out a new version, we changed the key and didn't let the old version into the database to do updates, since we removed the old keys from the tables.

If you want to see some specifics of how we did it, email me direct.

joe

Denham Eva wrote:
>
> Hi Gurus
>
> Has anyone ever had to prevent users from accessing the Database from other
> applications other than those sanctioned by the company.
> ie prevent users accessing the database using Microsoft's Access and yet
> still be able to access via the company application which also uses ODBC.
> OR preventing users accessing the DB via sqlplus but still through the app.
>
> I would appreciate any knowledge that can be shared on this topic.
> Many Thanks
> Denham

-- 
Joe Testa  
Performing Remote DBA Services, need some backup DBA support?
For Sale: Oracle-dba.com domain, it's not going cheap but feel free to
ask :)
IM: n8xcthome or joen8xct
Received on Tue Aug 28 2001 - 05:45:17 CDT
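
The four steps in the message above, sketched in PL/SQL as an added example; this is not Joe Testa's code or anything posted to the list. The object names (app_valid_keys, orders, check_app_key, trg_orders_app_key), the application names and the key value are assumptions made up for illustration.

```sql
-- Added example. All object names and the key value are hypothetical.

-- A table to protect (stands in for any application table).
CREATE TABLE orders (id NUMBER PRIMARY KEY, amount NUMBER);

-- Step 2: table of keys currently allowed to make changes.
CREATE TABLE app_valid_keys (
  app_key  VARCHAR2(64) PRIMARY KEY,
  app_name VARCHAR2(30) NOT NULL
);
INSERT INTO app_valid_keys (app_key, app_name)
VALUES ('EXAMPLE-KEY-REPLACE-WITH-40-RANDOM-CHARS', 'orders_app v2');
COMMIT;

-- Step 3 helper: read this session's client info and look it up.
CREATE OR REPLACE PROCEDURE check_app_key IS
  l_info  VARCHAR2(64);
  l_found PLS_INTEGER;
BEGIN
  DBMS_APPLICATION_INFO.READ_CLIENT_INFO(l_info);
  SELECT COUNT(*) INTO l_found
    FROM app_valid_keys
   WHERE app_key = l_info;  -- a NULL (unset) client info never matches
  IF l_found = 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Invalid application for updates');
  END IF;
END check_app_key;
/

-- Step 3: statement-level trigger, repeated for each protected table.
CREATE OR REPLACE TRIGGER trg_orders_app_key
BEFORE INSERT OR UPDATE OR DELETE ON orders
BEGIN
  check_app_key;
END;
/

-- Step 1: what the sanctioned application runs right after it connects.
BEGIN
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO('EXAMPLE-KEY-REPLACE-WITH-40-RANDOM-CHARS');
END;
/

-- Step 4: retire an old client version by removing its key.
DELETE FROM app_valid_keys WHERE app_name = 'orders_app v1';
COMMIT;
```

The value passed to SET_CLIENT_INFO is stored in V$SESSION.CLIENT_INFO, so access to that view and to app_valid_keys should be restricted. The check guards against changes from unsanctioned tools; it does not replace database privileges.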
