Re: Forms/reports Application and DB security

Hi Glenn,
I have tried such methods . I make the roles password protected and set them default after connecting to the database in the main module but when the user opens the forms in the main module an other session is created and the new session have no active roles .This is also same in reports , when a form runs a report an other session is created for the reports .At the end I came to a result that I have to modify all of the forms and reports to manage this scanerio .This is a huge task for me . I am searching for an easy to implement solution ..

Best Regards

08.06.2006 tarihinde Glenn Stauffer <alaxsxaq_at_gmail.com> yazmış:
>
> You could try something similar to an app we use. Everyone is granted
> a set of password-protected roles that allow query or maintenance
> access to the data and a connect role that allows connection to the
> database, but provides no other privileges.
>
> The application has a security system that defines a user's privileges
> for specific forms. If the user connects to a form for which they
> have maintenance privileges, the maintenance role is activated. Forms
> for which they have query-only access activate the query role. When
> the user leaves the form , the password protected roles are
> deactivated and the user is left with only the connect role. Users
> can connect from other applications, but have no privileges on the
> database and no access to the application schemas. This requires
> careful monitoring of privileges granted to public.
>
> This doesn't exactly prevent access to the database by other tools,
> but does protect the application schemas from such access.
>
> If you are running your forms and reports apps through the web, you
> could firewall off the database server such that all connections are
> only through the app server layer. Sounds like you are running
> client/server forms, though.
>
> --Glenn
>
> On 6/8/06, Muhammed Soyer <msoyer_at_gmail.com> wrote:
> >
> > I want to allow only our application to access the database .And block
> all other apps .
> >
> >
> >
> > 08.06.2006 tarihinde Yasin Baskan < yasbs_at_kocbank.com.tr> yazmış:
> >
> > >
> > >
> > >
> > >
> > >
> > > What you want to do is blocking connections to the database for the
> users not using your application, or blocking them to access specific
> objects?
> > >
> > >
> > >
> > > ________________________________
>
> > >
> > > From: oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] On Behalf Of Muhammed Soyer
> > > Sent: Thursday, June 08, 2006 11:30 AM
> > > To: F.Castillo_at_hzd.hessen.de
> > >
> > > Cc: oracle-l_at_freelists.org
> > >
> > > Subject: Re: Forms/reports Application and DB security
> > >
> > >
> > >
> > >
> > >
> > >
> > > This is not an actual solution ..
> > > Anyone can change the names of applications and make themselves seem
> like an approved application ..
> > > Am I wrong ?
> > >
> > >
> > >
> > >
> > > 2006/6/8, F.Castillo_at_hzd.hessen.de <F.Castillo_at_hzd.hessen.de>:
> > >
> > >
> > >
> > >
> > >
> > > Hi
> > >
> > >
> > >
> > >
> > >
> > > You can use a system event trigger (logon) that automatically kills
> the connections established when the clients use something you don't wont!
> > >
> > >
> > >
> > >
> > >
> > > Felix
> > >
> > >
> > >
> > >
> > > -----Ursprüngliche Nachricht-----
> > > Von: oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] Im Auftrag von Muhammed Soyer
> > > Gesendet: Donnerstag, 8. Juni 2006 08:43
> > > An: oracle-l_at_freelists.org
> > > Betreff: Forms/reports Application and DB security
> > >
> > >
> > > Hi,
> > > We have applications developed by using forms 6i and reports 6i . We
> have implemented roles on the DB side .
> > > But we dont want our users to access the database by using other
> tools like ms excel, ms access etc ..
> > > How can we avoid this ?
> > >
> > > Regards
> > >
> > > Muhammed Soyer
> > > Oracle Developer
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Bu mesaj ve onunla iletilen tum ekler gonderildigi kisi ya da kuruma
> ozel ve Bankalar Kanunu geregince, gizlilik yukumlulugu tasiyor olabilir. Bu
> mesaj, hicbir sekilde, herhangi bir amac icin cogaltilamaz, yayinlanamaz ve
> para karsiligi satilamaz; mesajin yetkili alicisi veya alicisina iletmekten
> sorumlu kisi degilseniz, mesaj icerigini ya da eklerini kopyalamayiniz,
> yayinlamayiniz, baska kisilere yonlendirmeyiniz ve mesaji gonderen kisiyi
> derhal uyararak bu mesaji siliniz. Bu mesajin iceriginde ya da eklerinde yer
> alan bilgilerin dogrulugu, butunlugu ve guncelligi Bankamiz tarafindan
> garanti edilmemektedir ve bilinen viruslere karsi kontrolleri yapilmis
> olarak yollanan mesajin sisteminizde yaratabilecegi zararlardan Bankamiz
> sorumlu tutulamaz.
> > >
> > > This message and the files attached to it are under the privacy
> liability in accordance with the Banking Law and confidential to the use of
> the individual or entity to whom they are addressed. This message cannot be
> copied, disclosed or sold monetary consideration for any purpose. If you are
> not the intended recipient of this message, you should not copy, distribute,
> disclose or forward the information that exists in the content and in the
> attachments of this message; please notify the sender immediately and delete
> all copies of this message. Our Bank does not warrant the accuracy,
> integrity and currency of the information transmitted with this message.
> This message has been detected for all known computer viruses thence our
> Bank is not liable for the occurrence of any system corruption caused by
> this message
> > >
> >
> >
> >
>

--
http://www.freelists.org/webpage/oracle-l