
Re: Accessing data - security versus ease of use

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Wed, 03 Dec 2003 09:52:59 -0800
Message-ID: <1070474010.880213@yasure>


Ed Stevens wrote:

> On Tue, 02 Dec 2003 21:07:13 -0800, Daniel Morgan
> <damorgan_at_x.washington.edu> wrote:
>
>

>>Snid wrote:
>>
>>
>>>I was wondering how people allow clients to access the data from their
>>>databases?
>>>
>>>All of our machines are locked down with firewall rules, so that only a few
>>>people are allowed through the firewall; however, this prevents people
>>>accessing the data with ODBC which means complex methods of replicating data
>>>and allowing it to be accessed are used, ie dumping the data into another
>>>database which is less secure.
>>>
>>>What sort of middle tier applications or gateways are people using?
>>>
>>>Are there any alternatives such as using some sort of ODBC connection over
>>>https?
>>>
>>>
>>
>>It would be remarkably valuable to know a few things first:
>>1. Version and edition of Oracle.
>>2. Hardware platform and operating system.
>>3. What front-end tools are being used.
>>
>>But in general ... I never ... and I mean NEVER ... use ODBC to connect 
>>to a database. There are plenty of solutions. Knowing more about what 
>>you are doing would be a first step to making a recommendation.

>
>
> Daniel,
>
> I would be interested in some of the alternatives to ODBC. We have a
> growing base of people using MS-Access to develop their own reports
> against Oracle db's. We give them a common user-id that has read-only
> access, but I've never been comfortable with this, for a couple of
> reasons. First, I foresee the day when they will start demanding
> update capability. If that is granted, all data integrity goes out
> the window. Second, ODBC drivers seem particularly brittle -- very
> dependent on exact version, release, patch of both the OS (Windows)
> and the Oracle client.

If MS Access then your only choice is ODBC. But database security is vested in the database ... not in the front-end. You need to learn about system privileges, table privileges (really object privs), roles, and profiles.

No one connecting should ever have the ability to insert, update, delete, select, or worse except as enforced on an object-by-object, column-by-column and sometimes row-by-row basis: All of which can be easily implemented in Oracle.

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Wed Dec 03 2003 - 11:52:59 CST
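
The reply above names system privileges, object privileges, roles and profiles, and object-, column- and row-level enforcement. The following Oracle SQL is an added example, not part of the original post, showing one way those pieces fit together so that the same rules apply whether a user connects through MS Access over ODBC or any other client. The schema `SALES_APP`, its tables, the roles, the profile and the user `jsmith` are all hypothetical; it assumes an edition that includes `DBMS_RLS`.

```sql
-- Added example. Hypothetical schema SALES_APP owns
--   ORDERS(order_id, region, status, amount, card_no) and USER_REGIONS(username, region).
-- Every object, role, user and profile name here is an assumption. Run as a DBA.

-- Profile: per-login limits (resource limits apply only when RESOURCE_LIMIT = TRUE).
CREATE PROFILE report_profile LIMIT
  SESSIONS_PER_USER     2
  IDLE_TIME             30
  FAILED_LOGIN_ATTEMPTS 5;

-- Column-by-column read: Oracle has no column-level SELECT grant, so expose a view
-- that omits the sensitive column (card_no) and grant on the view, never the table.
CREATE VIEW sales_app.orders_rpt AS
  SELECT order_id, region, status, amount FROM sales_app.orders;

CREATE ROLE report_reader;
GRANT CREATE SESSION TO report_reader;                  -- system privilege
GRANT SELECT ON sales_app.orders_rpt TO report_reader;  -- object privilege

-- Column-by-column write: if update is ever granted, limit it to one column.
CREATE ROLE order_editor;
GRANT UPDATE (status) ON sales_app.orders TO order_editor;

-- Row-by-row: the policy function returns a predicate that Oracle appends to every
-- SELECT and UPDATE against ORDERS, including access through the view.
CREATE OR REPLACE FUNCTION sales_app.orders_by_region (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  RETURN 'region IN (SELECT region FROM sales_app.user_regions '
      || 'WHERE username = SYS_CONTEXT(''USERENV'', ''SESSION_USER''))';
END;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'SALES_APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_REGION_POLICY',
    function_schema => 'SALES_APP',
    policy_function => 'ORDERS_BY_REGION',
    statement_types => 'SELECT,UPDATE');
END;
/

-- One account per person instead of a shared user id, so grants and audit are per user.
CREATE USER jsmith IDENTIFIED BY "placeholder_Passw0rd" PROFILE report_profile PASSWORD EXPIRE;
GRANT report_reader TO jsmith;
```

With this in place, `jsmith` can read only the rows for regions listed against that username in `USER_REGIONS`, cannot see `card_no`, and cannot modify anything unless `order_editor` is also granted.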
