Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: keeping odbc-users out?

Re: keeping odbc-users out?

From: Martin Rapier <M.Rapier_at_shef.ac.uk>
Date: 1 Oct 1998 13:42:34 GMT
Message-ID: <6v00sa$i7h$3@bignews.shef.ac.uk> 





In article <3611DD96.53F77B60_at_moc.nospam.inait>, gj_at_moc.nospam.inait says...



{snip}



>that's definitly better than my "identified externally"-approach,


>because it won't break our java-client.


>


>of course, it's security through obfustication, but i think it


>might be just obfusticated enough for our customers ;-)





Not if you password protect the roles. Simply using non default roles does not 
stop an ODBC user from issuing an 'alter session set role' command.



The next issue is what do you do with your role passwords - hardcode them in 
the application or use lookup tables. The fun never ends...



This stuff is covered in the Application Developers guide.



Cheers


Martin



-- 


Martin Rapier, Database Administrator


Corporate Information & Computing Services.
University of Sheffield Tel 0114 222 1137
The opinions expressed here may be those of my employer, or they may not.
http://rhino.shef.ac.uk:3001/mr-home/


Received on Thu Oct 01 1998 - 08:42:34 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US