Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Security problem
Try this, I've used it successfully before:
1. Grant all of the database object privileges required to run your
application to a role.
2. Revoke every user's explicit privileges to those database objects. 3. Grant the new role to each user as a non-default role. 4. Each time your application connects to the database, issue a "SETROLE <new role name>" command.
The privileges assigned to a non-default role are not utilized by a user's session until the SET ROLE command is issued. Therefore, when a user logs into the database using anything other than your application, they won't have privileges to do anything with your application objects. Also, the SET ROLE command has a session-level scope, so when your application disconnects from the database, the privileges disappear.
Sex_appeal wrote:
>
> Hi,
> ¿How can I avoid the user uses any application to access the database
> instead my application?
> I have some row level security tables, and I don't want to use views
> (performance reasons), so I have to improve security at application
> level, but If the users access the database with any other application
> (like SQL explorer), they could get any information within the table.
> ¿Is there any way to avoid it?
>
> Thanks!
Received on Fri Feb 04 2000 - 12:11:28 CST