Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: need help to secure production DB from ODBC access

Re: need help to secure production DB from ODBC access

From: Christopher M. Day <christopher.day_at_rdbms.freeserve.co.uk>
Date: Wed, 24 Feb 1999 23:41:04 +0000
Message-ID: <36D48E10.1C50304F@rdbms.freeserve.co.uk> 





Ellie,



We had the same problem, our solution was to apply encryption on the
server and application side for the password. 
ie



password=foobar 


encrypted=ofbora



The application would take the password 'foobar' and change it to
connect. The DBA's on the serverside would run our password encryption
scheme to get a valid password for 'ALTER USER ...'.



IF the user tried with SQL*Plus or ODBCTest, they have difficulty
connecting and can be easily audited.



Chris.



Ellie Fillmore wrote:


> 


> We have our Oracle 7.3 database on an HP-UX box and is being accessed


> through a canned front-end that requires each oracle user


> select,insert,update,delete authority to each table.  The front-end is a


> project management tool that also interfaces with Microsoft project.  How


> can we limit people from coming in thru ODBC to change the data and force


> them to come in thru the front-end??


> 


> Any ideas would be appreciated!


> 


> efillmore_at_earthlink.net


Received on Wed Feb 24 1999 - 17:41:04 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US