
Re: Oracle database Security.

From: Paul Drake <drak0nian_at_yahoo.com>
Date: 12 Jan 2004 20:12:26 -0800
Message-ID: <1ac7c7b3.0401122012.12b9a4f8@posting.google.com>


Pete Finnigan <plsql_at_petefinnigan.com> wrote in message news:<ejcHAzApztAARxiH_at_peterfinnigan.demon.co.uk>...
> >> Hi,
> >> Can anyone suggest how to prevent inserting or deleting records
> >> in an Oracle table through MS Access or a VC++ project window?
> >>
> >> Thanks in advance
> >> Jesu.
> >
> >Sybrand's solution will work. An alternative is to use the
> >PRODUCT_USER_PROFILE table owned by SYSTEM.
> >
> Hi Daniel,
>
> Unless I am missing something I thought that the PUP stuff only works
> with SQL*Plus because SQL*Plus goes off and checks the PUP tables at
> relevant points in processing. This is not implemented in Access or
> VC++, of course unless those tools pipe through SQL*Plus which I am sure
> they don't.
>
> The OP doesn't give enough details but if we assume that he means
> protecting a certain schema such that the users have the password for
> that schema, then do as another poster suggests and create a read only
> role and ensure that the user only has access to that role. There are
> many ways to do this, the bottom line is to ensure that the user
> accessing the database through MS Access and VC++ does not have any
> privileges except select on relevant tables and cannot enable any
> additional privileges via any other means.
>
> The original OP might want to take a look at
> http://www.petefinnigan.com/orasec.htm and have a look at some of the
> security checklists on there, they give some good ideas on securing Oracle.
>
> kind regards
>
> Pete

Hi Pete.

I believe that this was covered here not long ago. Geoff Ingram has a routine in his book, "High Performance Oracle", that kills off sessions that don't conform to allowed executables, but still relies upon the program name being identifiable.

Seeing that I only have a couple of minutes before my train leaves, I won't cover it in detail here.

If the OP is interested he can post here or search for it in the archives of this newsgroup.

Paul

Received on Mon Jan 12 2004 - 22:12:26 CST
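
The read-only role approach described in the quoted reply, as an added example that is not part of the original thread: it sets up a SELECT-only role on a separate login account, then audits that nothing else is reachable, including roles that are granted but not enabled by default. The names APP_OWNER, ORDERS, CUSTOMERS, APP_READONLY and ACCESS_USER and the password are hypothetical placeholders.

```sql
-- Added example; all object, role and user names are hypothetical.
-- APP_OWNER owns the tables; ACCESS_USER is the account used from
-- MS Access / VC++ so that clients never hold the schema owner's password.

-- 1. A role that carries SELECT and nothing else.
CREATE ROLE app_readonly;
GRANT SELECT ON app_owner.orders    TO app_readonly;
GRANT SELECT ON app_owner.customers TO app_readonly;

-- 2. A login account whose only privileges are CREATE SESSION and the role.
CREATE USER access_user IDENTIFIED BY "placeholder_password";
GRANT CREATE SESSION TO access_user;
GRANT app_readonly   TO access_user;
ALTER USER access_user DEFAULT ROLE app_readonly;

-- 3. Audit: object privileges other than SELECT on APP_OWNER's objects that
--    the account can reach directly, through PUBLIC, or through any granted
--    role. Nested and non-default roles are included, because a granted role
--    can be switched on later with SET ROLE. Expected result: no rows.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND privilege <> 'SELECT'
   AND grantee IN (
         SELECT 'ACCESS_USER' FROM dual
         UNION ALL
         SELECT 'PUBLIC' FROM dual
         UNION ALL
         SELECT granted_role
           FROM dba_role_privs
          START WITH grantee = 'ACCESS_USER'
        CONNECT BY PRIOR granted_role = grantee);

-- 4. Audit: system privileges beyond CREATE SESSION (for example
--    INSERT ANY TABLE) reachable the same way. Expected result: no rows.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege <> 'CREATE SESSION'
   AND grantee IN (
         SELECT 'ACCESS_USER' FROM dual
         UNION ALL
         SELECT 'PUBLIC' FROM dual
         UNION ALL
         SELECT granted_role
           FROM dba_role_privs
          START WITH grantee = 'ACCESS_USER'
        CONNECT BY PRIOR granted_role = grantee);
```

Because the restriction is enforced by grants inside the database, it applies to any client tool and does not depend on the reported program name.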
