Re: keeping odbc-users out?
Not sure if this is what you're looking for, but perhaps you should be
creating users with permissions granted indirectly through all roles which
are disabled by default. (ALTER USER x DEFAULT ROLE NONE) [Or a read-only
role as a default as you mentioned.] You can then have the application do a
SET ROLE command to enable the roles necessary only within the application.
As a further level of security you could create roles with passwords and
embed the passwords within the application (in a security table) or
prompt the user for one to enable the roles. If you want further
information on this, let me know.
Juergen Gmeiner wrote:
> hi there,
>
> some of our customers are apparently starting to access our database
> (oracle wgs 7.3.2) via odbc.
>
> this is a medical application (archival of medical images) and somehow
> this makes me very nervous, imagining some crazy luser starting to
> delete stuff in ms-acce*s or something ...
>
> is there a way to restrict odbc-access to a read-only user?
>
> only solution i've come up with so far is to use "identified externally"
> for our application user and ensuring REMOTE_OS_AUTHENT is set
> to false. "read-only" users would be created with "identified by
> SOMEPASSWD", so the customers would be forced to use those via odbc.
>
> only drawback is that we are currently developing a java-based intranet
> client which depends on sqlnet access.
>
> anyone been there? what did you do?
>
> regards,
> juergen
Received on Tue Sep 29 1998 - 23:14:57 CDT
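The role setup described in the reply above, written out as an added example that is not part of the original post. The schema `archive`, the table `images`, the role and user names and both passwords are hypothetical placeholders.

```sql
-- Run as a DBA. All object, role and user names are hypothetical.

-- Read-only role: the only role enabled at logon.
CREATE ROLE img_readonly;
GRANT SELECT ON archive.images TO img_readonly;

-- Read-write role, protected by a password known only to the application.
CREATE ROLE img_app_rw IDENTIFIED BY role_pw_placeholder;
GRANT SELECT, INSERT, UPDATE, DELETE ON archive.images TO img_app_rw;

-- The user receives privileges only through roles, never by direct grant.
CREATE USER clinic_user IDENTIFIED BY user_pw_placeholder;
GRANT CREATE SESSION TO clinic_user;
GRANT img_readonly, img_app_rw TO clinic_user;

-- Only the read-only role is a default role; img_app_rw stays disabled
-- until a session enables it explicitly.
ALTER USER clinic_user DEFAULT ROLE img_readonly;

-- Check 1: img_app_rw must show DEFAULT_ROLE = 'NO' for this user.
SELECT granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'CLINIC_USER';

-- Check 2: no direct object grants, which would bypass the role scheme.
-- This query should return no rows.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'CLINIC_USER';

-- In a session opened by clinic_user through ODBC, only the default
-- role is active:
SELECT role FROM session_roles;          -- lists IMG_READONLY only
DELETE FROM archive.images WHERE 1 = 0;  -- fails with ORA-01031

-- The application enables the write role after connecting. SET ROLE
-- disables every role not named in the statement, so the read-only
-- role is listed again.
SET ROLE img_app_rw IDENTIFIED BY role_pw_placeholder, img_readonly;
```

Anyone who recovers the role password from the application or its security table can issue the same `SET ROLE` from an ODBC session, so the password's storage needs the same protection as the data.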