Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> OS authenticated vs. Known passwords

OS authenticated vs. Known passwords

From: Tommy Wareing <p0070621_at_brookes.ac.uk>
Date: Wed, 27 Jan 1999 14:47:45 GMT
Message-ID: <36af24a9.525168252@news.brookes.ac.uk> 





We're getting two new machines. One's going to be a database server,
one's going to be the user server.



So users will telnet to one box, and run character mode forms 4.5,
connected via SQL*NET to the server.


We also have some users using SQL*NET directly from their PCs to
connect to Oracle accounts with select only access.



We do not want the users to have access to Oracle accounts that can
modify the database with out them being forced to use our forms.



How do we arrange this? It gets hard to even describe the problem...



We have to use O/S authentication, because that's the only way to stop
users knowing their oracle passwords.


But O/S authentication is indiscriminate... any host can claim that
it's O/S authenticated, whether we trust it or not.
We can block this by refusing all SQL*NET connections from untrusted
hosts... ie anything other than our telnet host.
But that breaks the select only access directly from their PCs.



Can anybody help? Or just give me a clue?



--


Tommy Wareing


Database Administrator


MIS Group


Learning Resources


Oxford Brookes University


01865 483372
Received on Wed Jan 27 1999 - 08:47:45 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US