Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Restricting user access to a database?

From: Tim Kearsley <tim.kearsley_at_milton-keynes.gov.uk>
Date: 22 Jul 2003 02:11:30 -0700
Message-ID: <725736ef.0307220111.631e7d@posting.google.com>


"Paul Brewer" <paul_at_paul.brewers.org.uk> wrote in message news:<3f1c4104_3_at_mk-nntp-1.news.uk.worldonline.com>...  

> Tim,
>
> Sorry for the rant, but here's a different viewpoint. Make of it what you
> will.
>
> IMHO, you're coming at this from *completely* the wrong direction, in a 2
> tier app.
> Anyone who is trying to 'protect' the database from being accessed from
> SQL*Plus, TOAD,
> M$Access, ODBC or whatever is barking up the wrong tree entirely. What it
> means is that the database security is inadequate, and that too much trust
> has been placed in 'the app' to protect the database.
>
> Design the database and its API properly. No direct table access; business
> transactions are controlled by packages/stored procedures. Then the database
> neither knows nor cares whether it is being accessed from 'the app',
> SQL*Plus, M$Access or anything else. If a properly authenticated database
> connection can call the right procedure with valid parameters, it will
> succeed. Otherwise not.
>
> And yes, I do live in the real world with crappy third party apps which we
> cannot control, and which leave the front door wide open. And in those cases
> logon triggers can help a little. It's weak, but it's better than nothing, I
> suppose.
>
> Regards,
> Paul

Paul,

Thanks for the input - I don't mind a good rant!!

I do take your points also and agree entirely. The problem is, as you concede in your final paragraph, that we are presented with third-party apps about which we can do nothing. Or, rather, we CAN do something, but as soon as we touch the application we are greeted by the app vendor shouting "You are now unsupported!" with all that entails.

So, yes, I agree, but the real world prevails!

Regards,

Tim Kearsley
Database Manager
Milton Keynes Council

Received on Tue Jul 22 2003 - 04:11:30 CDT
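
The design Paul describes in the quoted message (no direct table access, business transactions only through packages) looks like this in Oracle. This is an added example, not code from either poster; the schema `app_owner`, the role `app_user_role`, and the table and package names are hypothetical, and the script assumes it is run by a DBA.

```sql
-- Constructed schema: APP_OWNER holds the data, APP_USER_ROLE is all end users get.
CREATE TABLE app_owner.accounts (
  account_id NUMBER PRIMARY KEY,
  balance    NUMBER(12,2) NOT NULL CHECK (balance >= 0)
);

-- The package is the only API. It runs with definer's rights (the default),
-- so callers need no privileges on the table itself.
CREATE OR REPLACE PACKAGE app_owner.account_api AS
  PROCEDURE transfer(p_from IN NUMBER, p_to IN NUMBER, p_amount IN NUMBER);
END account_api;
/

CREATE OR REPLACE PACKAGE BODY app_owner.account_api AS
  PROCEDURE transfer(p_from IN NUMBER, p_to IN NUMBER, p_amount IN NUMBER) IS
  BEGIN
    -- Validate parameters inside the database, whatever client is calling.
    IF p_amount IS NULL OR p_amount <= 0 OR p_from = p_to THEN
      RAISE_APPLICATION_ERROR(-20001, 'invalid transfer parameters');
    END IF;
    -- The CHECK constraint rejects an overdraft; the error propagates to the caller.
    UPDATE accounts SET balance = balance - p_amount WHERE account_id = p_from;
    IF SQL%ROWCOUNT <> 1 THEN
      RAISE_APPLICATION_ERROR(-20002, 'unknown source account');
    END IF;
    UPDATE accounts SET balance = balance + p_amount WHERE account_id = p_to;
    IF SQL%ROWCOUNT <> 1 THEN
      RAISE_APPLICATION_ERROR(-20003, 'unknown target account');
    END IF;
  END transfer;
END account_api;
/

CREATE ROLE app_user_role;
GRANT EXECUTE ON app_owner.account_api TO app_user_role;
-- Deliberately no SELECT/INSERT/UPDATE/DELETE grants on app_owner.accounts.

-- Audit check: the role should hold EXECUTE on ACCOUNT_API and nothing else.
SELECT owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'APP_USER_ROLE';
```

With this layout a session connecting through SQL*Plus, TOAD or ODBC can do exactly what the application can: call `transfer` with valid parameters, and nothing more.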
