Re: Privileges by session

product user profile is very weak protection and can be easily bypassed; see http://www.petefinnigan.com/news_letter_001.pdf but also it only works for SQL*plus

cheers

Pete

GovindanK wrote:
> Did you consider PRODUCT_USER_PROFILE?
>
> GovindanK
>
>

>> On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
>> wblanchard_at_societyinsurance.com > wrote: 
>>
>>
>>
>>
>>
>> Greetings, 
>>
>> I have convinced management to allow me to grant read-only access to the
>> developers. The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls. Is there a
>> way via a Is there some reason the obvious solution wont' work? 
>>
>>
>> That is, change the passwords. 
>>

-- 

Pete Finnigan
Director
PeteFinnigan.com Limited

Specialists in database security.

If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services

Phone: +44 (0)1904 791188
Fax  : +44 (0)1904 791188
Mob  : +44 (0)7742 114223
email: pete_at_petefinnigan.com
site : http://www.petefinnigan.com

Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No       : 4664901
VAT No.          : 940 6681 14

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.

--
http://www.freelists.org/webpage/oracle-l