| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: security without using different usernames
I think the idea was always "roles plus setting current schema" - not just
roles on their own. Heck, I'd be so paranoid that I'd make the default
schema empty rather than belonging to a specific site so that if the
executable isn't renamed then it connects to an empty database - it will
make it much easier to track the chance.
I was considering suggesting looking at the IP address to try and determine originating site but it carries too much risk - dynamic IP's, changing IP's, etc. It seems like renaming the executable might be the safest approach - as long as you make the default schema redundant.
I guess you might have some impact on your ability to tune and debug the application and monitor usage when everyone is connecting as the same user but that will be something you'll have to live with. I guess you could shoe-horn some other parameters in with the "set schema" command if different sites have different performance demands (sort_area_size, etc) - just create a config table in the default schema and write a fancy logon trigger.
"Ryan"
<rgaffuri_at_cox.net To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
> cc:
Sent by: Subject: Re: security without using different usernames
ml-errors_at_fatcity
.com
16/07/2003 09:44
Please respond to
ORACLE-L
roles wont work. The tables in the different schemas all have the same names. The application is not coded to 'schemaA.table'. Its just set to the table.
roles plus setting the schema is possible to be 'safe' with security. I like that idea.
you can create multiple roles also . So if you have schema a,b,c and they use Z as userid to login then create role_a, role_b, role_c where role_a has permissions for object in schema a and role_b has permissions for schema b . Enable proper role at the time of startup ( embadded in client code ).
-ak
I know this is terrible design, but the GUI was created by a software engineering group that is seperate from the database group. Its not scalable. So Im trying to come up with a more scalable method. I have no power to change their gui. It rides on the database. I have to live with it. This is not a high enough transaction database to warrant seperate instances.
We have a variety of customers. Each of them has their own versions of data. However, the schema is exactly the same. These tables can get huge, so we dont want to throw them all into the same schema.
Right now, due to the fact that the GUI has a series of logins that are the same across clients, each client has its own instance. This isnt very scalable as we get more business. We have to create another instance and ingest data to it.
Id like to find a way to get all the clients in the same instance with just different schemas and tablespaces. One thing I may have control over would be to slightly rename the executable. If you check v$session, in a client-server application the name of the product connecting to the database is recording. I can handle security based off of that.
My question is what would be the best way? Cant do synonyms for this since its the same login. I think I saw somewhere that there is a session based 'set' command where you can say use this schema. I think it was on asktom and in reference to a question about public synonyms. I cant find it. Anyone know it?
Also is it viable to base a context off of what is in v$sesion with a logon trigger? How would I 'redirect' all queries to a specific schema?
To stress, I cant change the application. Different group with different skillsets. Any suggestions?
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Privileged/Confidential information may be contained in this message.
If you are not the addressee indicated in this message
(or responsible for delivery of the message to such person),
you may not copy or deliver this message to anyone.
In such case, you should destroy this message and kindly notify the sender
by reply e-mail or by telephone on (61 3) 9612-6999.
Please advise immediately if you or your employer does not consent to
Internet e-mail for messages of this kind.
Opinions, conclusions and other information in this message
that do not relate to the official business of
Transurban City Link Ltd
shall be understood as neither given nor endorsed by it.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<---->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Privileged/Confidential information may be contained in this message.
If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone.
In such a case, you should destroy this message and kindly notify the sender by reply e-mail or by telephone on (03) 9612-6999 or (61) 3 9612-6999.
Please advise immediately if you or your employer does not consent to Internet e-mail for messages of this kind.
Opinions, conclusions and other information in this message that do not relate to the official business of Transurban Infrastructure Developments Limited and CityLink Melbourne Limited shall be understood as neither given nor endorsed by them.
Received on Tue Jul 15 2003 - 19:28:47 CDT
 |
 |