| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Application userid security
On Mon, 15 Apr 2002 14:51:45 +0100, "Jonathan Lewis"
<jonathan_at_jlcomp.demon.co.uk> wrote:
>
>Since I'm coming in late on this, perhaps this
>has already been said.
>
>Oracle 8.1 onwards supplies a PROXY USER
>functionality (from OCI only). That allows a trusted
>user ID to become other users without knowing
>their password.
>
>Create tables as APP_OWNER, then revoke connect.
>Grant suitable privileges to END_USERxxx
>Create user APP_LOGIN with BECOME USER privilege
>and CONNECT privilege
>
>alter user END_USERxxx
>grant connect through APP_LOGIN;
>
>
>APP_LOGIN can log in but do nothing
>to the data.
>
>END_USERS can log in and hack the data
>but are identifiable.
>
>End-users attaching to the database can
>otherwise be made to connect through an
>application module that has logged in as
>APP_LOGIN, which then becomes the
>end user for the purposes of accessing
>the database.
>
>The only 'public' password is APP_LOGIN,
>but it has no privilege to access the data.
>
>
>
>
>
>--
>Jonathan Lewis
>http://www.jlcomp.demon.co.uk
>
This looks intriguing. We're still on 8.0.5 (mostly) but getting everything to
8.1.7 is my big project for this year. I'll file this for future reference.
Thanks. Received on Mon Apr 15 2002 - 12:09:33 CDT
 |
 |