
Re: Application userid security

From: Ed Stevens <spamdump_at_nospam.noway.nohow>
Date: Thu, 11 Apr 2002 13:41:33 GMT
Message-ID: <3cb58811.242329681@ausnews.austin.ibm.com>


On 11 Apr 2002 00:03:12 -0700, pagesflames_at_usa.net (Dusan Bolek) wrote:

>Richard Kuhler <noone_at_nowhere.com> wrote in message news:<bc4t8.38841$zN.16220466_at_twister.socal.rr.com>...
>> That still doesn't prevent them from building their own executable with
>> program name 'superapp' and connecting with it. Anybody have any other
>> ideas about how you could get around this?
>
>That depends on your organization, but one of the good solutions is to
>use a firewall between workstations and the server area. With a firewall you
>can block all incoming requests which do not come from the PCs of selected
>clerks.
>
>--
>_________________________________________
>
>Dusan Bolek, Ing.
>Oracle team leader
>
>Note: pagesflames_at_usa.net has been cancelled due to changes (maybe we
>can call it an overture to bankruptcy) on that server. I'm still using
>this email to prevent SPAM. Maybe one day I will change it and have a
>proper mail even for news, but right now I can be reached by this
>email.

This sounds intriguing. I don't think an internal firewall is in the cards, but setting that aside for the moment, let me explain some problems and see where that takes us.

First, the legitimate production users are not a small group of selected clerks, but virtually any of a few thousand users. This will diminish as the half-dozen or so apps that are currently written as client-server are converted to browser-based. Of course, with the browser-based apps, the client machine (from Oracle's perspective) is the web server. (We maintain test and production versions of that as well.)

Second, the developers do occasionally have legitimate need to get into the production DB outside of the app -- to fix data in resolving production problems. Using a firewall to lock them out based on machine id or IP address would prevent this. Our current strategy in these situations is to have them request a "special" userid which we create and give to them, and then drop when their fix is done.

All of this is based on management's desire to manage the client server environment exactly the way we manage the mainframe.

Received on Thu Apr 11 2002 - 08:41:33 CDT
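As an added example (not code from the thread or from either poster), here is a database-side version of the source-address restriction Dusan suggests, with the temporary "special" developer ids Ed describes carried as expiring allowlist rows instead of a firewall rule. The account names, addresses and the allowlist table are assumed for illustration.

```sql
-- Added example, not from the thread. Allowlist of source addresses per
-- database account: the application account may only arrive from the
-- web/app servers (the "client machine" from Oracle's point of view), while
-- a developer's temporary fix-up account gets a row with an expiry date.
CREATE TABLE sec_conn_allow (
  username    VARCHAR2(128) NOT NULL,
  ip_pattern  VARCHAR2(64)  NOT NULL,   -- LIKE pattern, e.g. '10.2.%'
  expires_on  DATE                      -- NULL = no expiry
);

-- Constructed sample rows (hypothetical accounts and addresses).
INSERT INTO sec_conn_allow VALUES ('SUPERAPP_USER',   '10.1.20.11', NULL);        -- prod web server
INSERT INTO sec_conn_allow VALUES ('SUPERAPP_USER',   '10.1.20.12', NULL);        -- test web server
INSERT INTO sec_conn_allow VALUES ('FIX_JSMITH_0411', '10.2.%',     SYSDATE + 2); -- developer's special id
COMMIT;

CREATE OR REPLACE TRIGGER sec_conn_check
  AFTER LOGON ON DATABASE
DECLARE
  v_user  VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip    VARCHAR2(64)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_hits  PLS_INTEGER;
BEGIN
  -- Only accounts registered in the table are subject to the check.
  -- Local (bequeath) sessions carry no IP address and are left alone;
  -- they require an OS login on the server host, which is a separate control.
  SELECT COUNT(*) INTO v_hits FROM sec_conn_allow WHERE username = v_user;
  IF v_hits = 0 OR v_ip IS NULL THEN
    RETURN;
  END IF;

  SELECT COUNT(*) INTO v_hits
    FROM sec_conn_allow
   WHERE username = v_user
     AND v_ip LIKE ip_pattern
     AND (expires_on IS NULL OR expires_on > SYSDATE);

  IF v_hits = 0 THEN
    -- PROGRAM, MODULE and CLIENT_INFO are deliberately not consulted: they
    -- are supplied by the client, so, as the thread notes, anyone can build
    -- an executable that calls itself 'superapp'. The source address is
    -- checked instead because it is set by the network stack, not the client.
    RAISE_APPLICATION_ERROR(-20001,
      'Connection for ' || v_user || ' from ' || v_ip || ' is not permitted');
  END IF;
END;
/
```

Note that Oracle lets sessions holding the ADMINISTER DATABASE TRIGGER privilege (DBAs) log on even when a logon trigger raises an error, so this only governs ordinary application and fix-up accounts, and an expired developer row should still be dropped along with the account when the fix is done.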

