Mladen Gogala wrote:
> On Wed, 14 Jan 2004 17:48:02 -0800, Oracle4Unix wrote:
>
>
>>Hi gurus:
>>
>>I saw someone said that the best option to limit users to access
>>database server only through specified application written in pro*c,
>>forms, for example, is to "grant them access through a role which is
>>not enabled by default. When you log in using the app, your startup
>>code issues the appropiate commands to enable the role".
>>
>>Can someone elaborate this point for me? Assume users are ONLY allowed
>>to get into database via forms, how to achieve it?
>
>
> That would be more of a job for OS security, not for oracle security.
> If the client is a Unix box, I would provide a chroot limited environment
> through the restricted shell. User logs in, login script invokes forms,
> HOST button is disabled. Voila! Oracle is not meant for escapades like
> that. That's a job for the OS. Of course, if you're using Windows instead,
> then I can't really help you.
Why would you ever want to rely on the O/S to provide security? Oracle's
client, by definition, by-passes the O/S in its default configuration.
The user never logs onto the server ... just Oracle. And there are many
ways to use Oracle to accomplish the OP's goal.
--
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Wed Jan 14 2004 - 23:57:09 CST
