Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Limiting DB Access to 1 Application

Limiting DB Access to 1 Application

From: Chris <chrish57_at_my-deja.com>
Date: 20 Sep 2001 16:19:04 -0700
Message-ID: <9bccb15f.0109201519.1bb12a4a@posting.google.com>


I'm rusty, so bear with me.

If you grant access priviledges to a user or role so that person can use application A to change the DB, how do you stop that same user from using application B (Ack! Even something as mundane as MSAccess using ODBC)to change the DB? Obviously if application A uses stored procedure or other application logic to ensure the updates are correct, using MSAccess could really mess things up.

I know you could bury a "super-user" id/password in the application code, and that this is a common solution in commercial code, but the security officer in me shivers over somebody finding out what that password is and the config manager in me shivers over having to change the source code as I move from DEVL to TEST to PROD.

I seem to remember that we had a better way to prevent this when I was last a hands on developer (v7), but I can not for the life of me remember how to do it now.

Any help appreciated.

Chris Received on Thu Sep 20 2001 - 18:19:04 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US