Daniel Morgan <damorgan_at_x.washington.edu> wrote in message news:<1074146153.56196_at_yasure>...
> Mladen Gogala wrote:
> > On Wed, 14 Jan 2004 17:48:02 -0800, Oracle4Unix wrote:
> >
> >
> >>Hi gurus:
> >>
> >>I saw someone said that the best option to limit users to access
> >>database server only through specified application written in pro*c,
> >>forms, for example, is to "grant them access through a role which is
> >>not enabled by default. When you log in using the app, your startup
> >>code issues the appropiate commands to enable the role".
> >>
> >>Can someone elaborate this point for me? Assume users are ONLY allowed
> >>to get into database via forms, how to achieve it?
> >
> >
> > That would be more of a job for OS security, not for oracle security.
> > If the client is a Unix box, I would provide a chroot limited environment
> > through the restricted shell. User logs in, login script invokes forms,
> > HOST button is disabled. Voila! Oracle is not meant for escapades like
> > that. That's a job for the OS. Of course, if you're using Windows instead,
> > then I can't really help you.
>
> Why would you ever want to rely on the O/S to provide security? Oracle's
> client, by definition, by-passes the O/S in its default configuration.
> The user never logs onto the server ... just Oracle. And there are many
> ways to use Oracle to accomplish the OP's goal.
Thanks Daniel for your swift reply. Your answer is just what I wanted.
Received on Thu Jan 15 2004 - 11:23:22 CST
