Re: Application security question
Date: Thu, 22 Jul 1999 17:07:43 GMT
Message-ID: <7n7j4o$aj$1_at_nnrp1.deja.com>
Hello
Of course, this is not a ideal situation, but I think that in real world this security problem effectivelly happens.
From a strictly proggramatic point of view, you can use the built-in GET_APPLICATION_PROPERTY to get the USERNAME and PASSWORD of the currently logged user, and, in those restricted items, show a modal window that asks the user his username/password, that you will compare with those ones you got. So you will not have to store *another* password for your users - youŽll use the oracle password itself.
In article <Zr_k3.43$rf.14936_at_WReNphoon3>,
dsscott_at_ev1.net (Douglas Scott) wrote:
> My company has a requirement to validate that a user
> is really who they are suppose to be within a
> particular application. This is mainly caused by
> computers being in a shared area which means that
> someone could login to the database with their Oracle
> account and then another person access the application
> and make a change that that person would not be able
> to do if they were logged into the database using
> their own account. What we want to do is implement a
> second layer of security that will prompt the user for
> a password if they try to update an item that has been
> identified as a restricted item. Does anyone know of
> good way to do this? We don't want to store a password
> in a table that someone could see through sql.
>
> Thanks
> Douglas Scott
>
> -**** Posted from RemarQ, http://www.remarq.com/?c ****-
> Search and Read Usenet Discussions in your Browser
>
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
Received on Thu Jul 22 1999 - 19:07:43 CEST