
Re: Limiting DB Access to 1 Application

From: Ban Spam <ban-spam_at_operamail.com>
Date: Fri, 21 Sep 2001 01:13:58 GMT
Message-ID: <Xns9122B978C644DSunnySD@24.0.3.73>


chrish57_at_my-deja.com (Chris) wrote in
news:9bccb15f.0109201519.1bb12a4a_at_posting.google.com:

> I'm rusty, so bear with me.
>
> If you grant access privileges to a user or role so that person can
> use application A to change the DB, how do you stop that same user
> from using application B (Ack! Even something as mundane as MSAccess
> using ODBC) to change the DB? Obviously if application A uses stored
> procedure or other application logic to ensure the updates are
> correct, using MSAccess could really mess things up.
>
> I know you could bury a "super-user" id/password in the application
> code, and that this is a common solution in commercial code, but the
> security officer in me shivers over somebody finding out what that
> password is and the config manager in me shivers over having to change
> the source code as I move from DEVL to TEST to PROD.
>
> I seem to remember that we had a better way to prevent this when I was
> last a hands-on developer (v7), but I can not for the life of me
> remember how to do it now.
>
> Any help appreciated.
>
> Chris
>

With V8.1.5+ Oracle supports logon triggers. You support a table of "whitelisted" applications. By querying V$SESSION you can determine the PROGRAM being used to gain access into Oracle. If the PROGRAM is NOT contained within your whitelist, then simply terminate the session. Error messages are optional. ;-)

HTH!

Received on Thu Sep 20 2001 - 20:13:58 CDT
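
Added example, not part of the original post: a sketch of the logon-trigger approach the reply describes, checking V$SESSION.PROGRAM against a whitelist table. The table name, trigger name, error number and the sample program value are assumptions made for illustration.

```sql
-- Hypothetical names throughout (app_whitelist, trg_logon_app_whitelist).
-- The trigger owner needs SELECT granted directly on SYS.V_$SESSION,
-- because roles are not active inside a stored trigger.

CREATE TABLE app_whitelist (
  program VARCHAR2(64) PRIMARY KEY   -- stored in upper case
);

INSERT INTO app_whitelist (program) VALUES ('APP_A.EXE');  -- constructed sample
COMMIT;

CREATE OR REPLACE TRIGGER trg_logon_app_whitelist
AFTER LOGON ON DATABASE
DECLARE
  v_program  v$session.program%TYPE;
  v_allowed  PLS_INTEGER;
BEGIN
  -- Program name the client reported for the session now logging on.
  SELECT program
    INTO v_program
    FROM v$session
   WHERE audsid = USERENV('SESSIONID')
     AND ROWNUM = 1;

  -- A NULL program never matches, so it is rejected like any unknown one.
  SELECT COUNT(*)
    INTO v_allowed
    FROM app_whitelist
   WHERE program = UPPER(v_program);

  IF v_allowed = 0 THEN
    -- An unhandled error in an AFTER LOGON trigger ends the logon attempt.
    RAISE_APPLICATION_ERROR(-20001,
      'Connections from this application are not permitted');
  END IF;
END;
/
```

PROGRAM is reported by the client, so this check keeps users from casually connecting with another tool but is not a strong control against someone who sets that value deliberately. Accounts holding ADMINISTER DATABASE TRIGGER (DBAs, for example) are not blocked when the trigger raises an error.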
