Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Restricting ODBC access to Oracle

Re: Restricting ODBC access to Oracle

From: DriftWood <drift_wood_at_my-deja.com>
Date: Wed, 10 Jan 2001 14:29:15 GMT
Message-ID: <93hrje$p59$1@nnrp1.deja.com> 






Probably the only thing to try is to drop the ALL_CATALOG view. Forms
and other Oracle products don't use this, but ODBC does. This will
breack most (but not all) GUI type tools that use ODBC (such as MS
Access), but it still will not stop a user from hooking up with
ODBCTest and issuing SQL against the table. ODBC lets the RDBMS handle
the security and your RDBMS permissions give the user rights to update
the tables. The better way to have built this would have been to give
the user no reall permissions by default and then have the forms (or
other application) do a set role ... when connecting that enables the
permissions. Since the role would be unknown to the user, it is
unlikely that they would know to set it when connecting via ODBC.



--

-cheers



  DW




"It is a kind of good deed to say well; and yet words are not deeds.
  -William Shakespeare"




Sent via Deja.com


http://www.deja.com/
Received on Wed Jan 10 2001 - 08:29:15 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US