Application Security

Does anyone have application-level security in place that they feel is truly secure (or secure enough)? How do you secure your ORACLE databases without creating an administrative nightmare. We are planning on writing a security application that all other applications can call to check what functions an individual user is allowed to perform. We will use the Netware userid for this. This means there will be an administrative role to maintain userids and authorities in the security application. We wish to avoid also having the same administrative role in the DBA area (ie: creating ORACLE userids and granting them access to whatever tables they need). However, we are concerned that someone could get access to ORACLE outside of the normal application systems, using something like SQL*Plus, and have more power than we want.

Has anyone already solved this problem? Are there any documents discussing this?

Any help or recommendations would be appreciated.

Thanks Received on Mon Sep 08 1997 - 00:00:00 CDT