RE: two instance -- one database

From: Rich Jesse <rjoralist_at_society.servebeer.com>
Date: Wed, 24 Sep 2008 12:15:58 -0500 (CDT)
Message-ID: <45045.12.17.117.251.1222276558.squirrel@12.17.117.251>


> I think that COTS applications always have unique concerns. I should have
> been clearer that this is an in-house built app.
>
> But that's a very interesting scenario and approach. Thanks for sharing
> that. I have two questions. Do you include SELECT in DML, sometimes it is
> and.. If you control INS/UPD/DEL via the view only database, I guess that's
> fine, but do you force selects too?

No, I don't include SELECT in the category of "DML" since it's not Manipulating anything. I can see restricting the tables from which queries are run being a future requirement, but for now SELECT is wide open.

> Second, why choose to not create any other schemas in our production? You're
> attempting to overcome a security deficiency in the prod database, why not
> create the Gatekeeper schema there? Seems like an aesthetic decision more
> than a practical one.

I'm not sure I follow you. The GRANTs are to PUBLIC, which is a special role that cannot be revoked. How would the gatekeeper prevent access other than perhaps a complex web of triggers?

Rich

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Sep 24 2008 - 12:15:58 CDT
