Re: how to give user privilege to browse the source code in prodution
Date: Thu, 23 Sep 2010 13:36:18 -0700 (PDT)
Message-ID: <722d7ccf-99c9-458e-89b3-13de9d94d845_at_a30g2000vbt.googlegroups.com>
On Sep 23, 9:46 am, Mark D Powell <Mark.Powe..._at_hp.com> wrote:
> On Sep 22, 4:46 pm, "Michel Cadot" <micadot{at}altern{dot}org> wrote:
>
>
>
> > "charles" <dshprope..._at_gmail.com> a crit dans le message de news:
> > 880b62ca-c4c1-4d7e-9d16-b87d391a4..._at_j5g2000vbg.googlegroups.com...
> > | All,
> > |
> > | We are at Oracle 10g. We need to let our developer to browse source
> > | code like packages/functions/triggers.
> > |
> > | The only way i can think of is grant select any dictionary. Is there
> > | any security risk there by doing that? What is other options?
> > |
> > | Thanks for your help
>
> > Create a procedure in procedure/... owner schema that displays
Thanks for your reply.
Now, could you tell me what is the risk if i gave them select any dictionary, the only thing i guess is the password column exposed in dba_users. And we will lock the account if more than 10 failed logins. Any other concern i can tell my supervisor if i grant "select any dictionary"?
> > the code source and grant developers the privilege to execute this
> > procedure.
>
> > Regards
> > Michel
>
> Here is what we did. I took the source code for USER_SOURCE and
> created a view using this source with the current user restriction
> removed. The view returns all source. Access is control via granting
> the select privilege on the view. It would also be easy to restrict
> the source code being displayyed to that belonging to specific
> application code owners.
>
> HTH -- Mark D Powell --
Received on Thu Sep 23 2010 - 15:36:18 CDT