Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> OS authenticated vs. Known passwords
We're getting two new machines. One's going to be a database server,
one's going to be the user server.
So users will telnet to one box, and run character mode forms 4.5,
connected via SQL*NET to the server.
We also have some users using SQL*NET directly from their PCs to
connect to Oracle accounts with select only access.
We do not want the users to have access to Oracle accounts that can modify the database with out them being forced to use our forms.
How do we arrange this? It gets hard to even describe the problem...
We have to use O/S authentication, because that's the only way to stop
users knowing their oracle passwords.
But O/S authentication is indiscriminate... any host can claim that
it's O/S authenticated, whether we trust it or not.
We can block this by refusing all SQL*NET connections from untrusted
hosts... ie anything other than our telnet host.
But that breaks the select only access directly from their PCs.
Can anybody help? Or just give me a clue?
--
Tommy Wareing
Database Administrator
MIS Group
Learning Resources
Oxford Brookes University
01865 483372
Received on Wed Jan 27 1999 - 08:47:45 CST