Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem

Re: Security problem

From: Scott Kronheim <skronheim_at_synertechsystems.com>
Date: Fri, 04 Feb 2000 13:11:28 -0500
Message-ID: <389B1650.3AFAD0B3@synertechsystems.com> 





Try this, I've used it successfully before:
1.  Grant all of the database object privileges required to run your
application to a role.

2.  Revoke every user's explicit privileges to those database objects.
3.  Grant the new role to each user as a non-default role.
4.  Each time your application connects to the database, issue a "SET


ROLE <new role name>" command.



The privileges assigned to a non-default role are not utilized by a
user's session until the SET ROLE command is issued.  Therefore, when a
user logs into the database using anything other than your application,
they won't have privileges to do anything with your application
objects.  Also, the SET ROLE command has a session-level scope, so when
your application disconnects from the database, the privileges
disappear.





Scott Kronheim




Sex_appeal wrote:


> 


> Hi,


> ¿How can I avoid the user uses any application to access the database


> instead my application?


> I have some row level security tables, and I don't want to use views


> (performance reasons), so I have to improve security at application


> level, but If the users access the database with any other application


> (like SQL explorer), they could get any information within the table.


> ¿Is there any way to avoid it?


> 


> Thanks!


Received on Fri Feb 04 2000 - 12:11:28 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US