RE: Privileges by session

From: Upendra N <nupendra_at_hotmail.com>
Date: Fri, 8 Jan 2010 19:00:35 -0500
Message-ID: <BLU129-W14578D2F01808806C3EAFD86F0_at_phx.gbl>

In our environment we have software dpkgs are built without the passwords, at the time of deployment they will be integrated with config files that contain database passwords. Other than SA no one should have access to the config files and App servers. However occasionally there will be instances where Developers may need to access one of the app server for troubleshooting, in such instances the production password may be exposed.

To address this, we have implemented TCP_INVITED_NODES using sqlnet.ora which acts as a firewall rejecting all the requests except the ones that are listed in there (we put in only the production app servers). In our setup, we usually don't have Oracle client installed on the app servers it works out easy, may not be possible on all the environments.

The most difficult step is to restrict developers on one project, once you set the precedence I find it easy to follow the lead. We go through audit sweep right before production launch to restrict application user access. In cases developers need more than read-only access we tell them we'll issue them "fireid" - temporary access to production.

-Upendra

CC: oracle-l_at_freelists.org
From: martin.a.berger_at_gmail.com
To: wblanchard_at_societyinsurance.com
Subject: Re: Privileges by session
Date: Fri, 8 Jan 2010 22:56:04 +0100

William,
I tried to follow all mails in this thread, but am not sure if I got all. At the end, it's a question of control:*) if the application is running on a dedicated application server, and developers has no acces there, you can create a logon trigger which allows access for the application-account only from these nodes. (ok, it's possible to fake IPs etc, but this is a story for your security.mgr)*) if the application is running on any PC, any developer could compile his own private version of the application and run it without any way to catch it. (in this case, only hard-core auditing can at least document all changes) so the first question should be: is there anything which is under your (or company) control - and developers cannot modify this? If you find such a fact, try to transfer it into a secure method to identify developers, and avoid any way to circumvent it. no help this time, but maybe a hint where to start. best regards, Martin

Greetings,
I have convinced management to allow me to grant read-only access to the developers. The problem is that they know the application passwords and have been using those passwords to circumvent my controls. Is there a way via a trigger, role, etc to change individual sessions privileges so they have read only (select) permissions? The easiest way would be to change the permissions on the applications but that's not an option. Thank you,
WGB

Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/196390707/direct/01/
--

http://www.freelists.org/webpage/oracle-l Received on Fri Jan 08 2010 - 18:00:35 CST

This message: [ Message body ]
Next message: Nigel Thomas: "Re: ORA01467: sort key too long error"
Previous message: Martin Berger: "Re: Privileges by session"
In reply to: Martin Berger: "Re: Privileges by session"
Next in thread: Martin Bach: "Re: Privileges by session"
Reply: Martin Bach: "Re: Privileges by session"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message