Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Creation of profile using PASSWORD_VERIFY_FUNCTION ??? (Was "Security for a group of users ???")

From: <Wolfgang.Rothmayer_at_bmw.de>
Date: Wed, 05 Aug 1998 08:46:03 GMT
Message-ID: <35c81973.94241151@news.muc>


Hi,

I did not overlook your answer; I just have not got around to commenting on it yet.

Now in English (for all the user newsgroup members)

I didn't miss your first posting, but did not find the time to comment on it until now.

Generally we have some problems changing existing applications as this means administrative efforts.

What we want to have is to restrict access to the ORACLE database to some applications.

But as far as this discussion goes, it seems impossible to do so by use of administrative means only.

Thanks for your input,
Wolfgang.

On Fri, 31 Jul 1998 17:06:07 GMT, iolo_at_my-dejanews.com wrote:

>In article <35c1d4b7.366722649_at_news.muc>,
> Wolfgang.Rothmayer_at_bmw.de wrote:
>> Hi there,
>>
>> in my efforts to find a security mechanism a newsgroup member
>> suggested to use the table PRODUCT_USER_PROFILE.
>> The key point is, that up to now this seems only to work for ORACLE
>> products (i.e. SQL*PLUS).
>> But we need some application level of security where some apps shall
>> be granted to a user or a role but the most of other apps will be
>> locked for all users.
>> This is especially needed for database access through ODBC connections
>> (MS-ACCESS).
>>
>> I know that interesting data can be found in the table v$session in
>> the fields OSUSER, TERMINAL, PROGRAM and MACHINE.
>> With these fields an identification of an ODBC connection with
>> MS-ACCESS can be done.
>>
>> Another feature which can be used for security is the command CREATE
>> PROFILE where a function (scripts) can be specified which is executed
>> at logon of any user. This function can be specified with
>> PASSWORD_VERIFY_FUNCTION.
>>
>> Now my questions:
>>
>> Did anyone of you ever try this feature ?
>>
>> Did you experience any problems with it ?
>>
>> Could you kindly point me to samples where this feature is or has been
>> used successfully ?
>>
>> Did anyone of you use the table PRODUCT_USER_PROFILE for other than
>> ORACLE applications ?
>> If so, are there any problems ?
>>
>> What is the life cycle of the table v$session ?
>>
>> Will I be able to use information of this table in a logon
>> verification script ?
>>
>> Many, many thanks in advance for any input.
>> Wolfgang.
>>
>>
>H(a/e)llo Wolfgang,
>
>German - You may have overlooked my first answer, so I am taking the
>liberty of repeating it here, as I believe that it serves its
>purpose.
>
>English) - You've probably missed my first post on this so I'm reckless enough
>to re-post it here.
>----
>
>Now if what you really want to do is allow this *group user* to access the
>database via your NT app, but prohibit any user who knows the *group user*
>Oracle login to do the same from sqlplus, there is a very simple way to do
>this.
>
>In the logon process of your NT app add a string (unknown to any user) to
>the password they type in. In that way they will be able to connect via your
>app, but not from sqlplus, as the password is not the one they're really
>identified with on the Oracle instance.
>
>grant connect to *group user* identified by password + 'secret string'
>
>HTH
>
>--
>Oliver Willandsen
>European Commission
>http://europa.eu.int
>All remarks are my own and do not necessarily
>reflect official European Commission policy
>
>-----== Posted via Deja News, The Leader in Internet Discussion ==-----
>http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum
Received on Wed Aug 05 1998 - 03:46:03 CDT
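
An added example, not part of the original posts: a query over the v$session fields named in the quoted question (OSUSER, TERMINAL, PROGRAM, MACHINE) that lists current sessions whose reported client program is not on a per-account allow-list. The APP_ALLOWLIST table, the APP_GROUP account and the program patterns are hypothetical; the values in these columns are reported by the client, so the result is an audit aid and not an access control.

```sql
-- Hypothetical allow-list: which client programs each database account
-- is expected to connect with. Not an Oracle-supplied table.
CREATE TABLE app_allowlist (
  username        VARCHAR2(30) NOT NULL,
  program_pattern VARCHAR2(64) NOT NULL  -- LIKE pattern, stored in upper case
);

-- Constructed sample rows; account and program names are placeholders.
INSERT INTO app_allowlist VALUES ('APP_GROUP', 'ORDERENTRY%');
INSERT INTO app_allowlist VALUES ('APP_GROUP', 'REPORTSRV%');
COMMIT;

-- Current user sessions of allow-listed accounts whose reported client
-- program matches none of the patterns registered for that account.
-- A NULL program matches nothing and is therefore listed as well.
-- Requires SELECT privilege on V$SESSION.
SELECT s.sid,
       s.serial#,
       s.username,
       s.osuser,
       s.machine,
       s.terminal,
       s.program,
       s.logon_time
FROM   v$session s
WHERE  s.type = 'USER'
AND    s.username IN (SELECT a.username FROM app_allowlist a)
AND    NOT EXISTS (
         SELECT 1
         FROM   app_allowlist a
         WHERE  a.username = s.username
         AND    UPPER(s.program) LIKE a.program_pattern
       )
ORDER  BY s.logon_time;
```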
