Re: Prevent use ODBC to connect Oracle Engine
Another way to do this is using password protected roles. The roles
alone have the permissions to access the tables and are granted to
each user as needed. The passwords are only known to the applications
that are authorized to access the database. Since the ODBC user does
not know the key, they cannot access any data. With the use of
encryption, it can be made difficult to determine the password from a
copy of the application code.
Chris Sutter
BJC Health System
Ed.Stevens_at_nmm.nissan-usa.com wrote:
>In article <74kvqh$cnh$1_at_news.seed.net.tw>,
> "Bill" <btzeng_at_ms1.hinet.net> wrote:
>> Hi,
>> For security reasons, does anyone have experience with this:
>> How can I configure the DB to prevent users from connecting to the Oracle DB on Unix by ODBC?
>> (I prefer users using the sql*net client only !!)
>>
>> Thanks.
>>
>>
>
>Ultimately, I don't think you can. As I mentioned in another reply in this
>thread, even if you remove the Oracle ODBC drivers, there are others (most
>notably Microsoft) that users can load on their machines if they want to get
>to your databases with MS Access, etc. We have the same problem, and the only
>thing we've come up with is to very tightly control the userids and passwords.
>We have one userid that we grant only CREATE SESSION and SELECT to. All known
>users with a need are given the knowledge of this userid. We have another
>userid, known only to the DBAs and changed frequently, that our home-grown
>applications use for update purposes.
Received on Mon Dec 14 1998 - 04:19:02 CST
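
The password-protected role approach from the post above, sketched in Oracle SQL as an added example (not part of the original thread). The schema `app_owner`, table `orders`, role `app_rw`, user `jsmith` and the password placeholder are all hypothetical.

```sql
-- Run as a DBA. All object names below are hypothetical.

-- 1. The role, not the user, holds the table privileges, and enabling
--    the role requires a password that end users are never told.
CREATE ROLE app_rw IDENTIFIED BY "<role-password>";
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_rw;

-- 2. The user can log in and has been granted the role, but holds no
--    direct object privileges on the application tables.
GRANT CREATE SESSION TO jsmith;
GRANT app_rw TO jsmith;

-- 3. Keep the role out of the user's default roles so that it is not
--    enabled at login. If this step is skipped, the password adds nothing.
ALTER USER jsmith DEFAULT ROLE ALL EXCEPT app_rw;

-- 4. Verify: DEFAULT_ROLE must be 'NO' for APP_RW.
SELECT granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'JSMITH';

-- 5. Verify: no direct grants on the table that bypass the role.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND table_name = 'ORDERS'
   AND grantee <> 'APP_RW';

-- What the authorized application does right after connecting as jsmith:
SET ROLE app_rw IDENTIFIED BY "<role-password>";

-- What any session (ODBC or otherwise) sees without that SET ROLE:
--   SELECT * FROM app_owner.orders;
--   ORA-00942: table or view does not exist
SELECT role FROM session_roles;   -- APP_RW is listed only after SET ROLE
```

The control distinguishes sessions by knowledge of the role password, not by the driver used to connect, so its strength depends on how well that password is protected inside the application.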