Re: Would this work? Security

From: Michael J. Moore <mNiOcShPaAeMl.j.moore_at_wcom.com>
Date: Fri, 08 Sep 2000 20:35:48 GMT
Message-ID: <E4cu5.972$6a1.15897_at_pm01news.wcom.com>


Hey! Why didn't I think of this? Sounds like a great idea. Thanks! Mike

"Joe Kazimierczyk" <joseph.kazimierczyk_at_bms.com> wrote in message news:39B8D81A.9F9CB6BE_at_bms.com...
> "Michael J. Moore" wrote:
> >
> > Using Developer Forms and giving each user access to the database tables
> > poses a security problem. Specifically, the user could use a tool such as
> > SQL Plus to directly update tables.
> [snip]
>
>
> If I understand the problem, then why not use roles with a password?
> You could:
> - create a role identified by a password
> - grant update,insert,whatever on some tables to this role
> - grant this role to your users, but disabled by default - important!
> - don't tell the users what the role's password is, so they won't be
> able to enable it from sqlplus, and won't be able to update the
> tables.
> - your forms application would be the only thing that knows the
> password, and would do a 'set role rolename identified by password' to
> enable the role during the user's session with Forms. But outside of
> your app, they'd still have no access to the tables.
Received on Fri Sep 08 2000 - 22:35:48 CEST
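
The steps listed in the quoted reply, written out as Oracle SQL. This is an added example, not part of the original thread; the role name `app_update_role`, the table `app_owner.orders`, the user `forms_user1` and the password placeholder are all hypothetical.

```sql
-- Run as a DBA. All object names and the password are hypothetical placeholders.

-- 1. Create a role that can only be enabled with a password.
CREATE ROLE app_update_role IDENTIFIED BY "REPLACE_WITH_ROLE_PASSWORD";

-- 2. Grant the DML privileges to the role, not to the users directly.
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_update_role;

-- 3. Grant the role to the user, then take it out of the default set so it
--    is not enabled at logon (the "disabled by default" step).
GRANT app_update_role TO forms_user1;
ALTER USER forms_user1 DEFAULT ROLE ALL EXCEPT app_update_role;

-- 4. Check: every grantee of the role should show DEFAULT_ROLE = 'NO'.
--    A row with 'YES' means that user gets the privileges from any client.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'APP_UPDATE_ROLE';

-- 5. Check: the users hold no direct grants on the table that would
--    bypass the role. Expect only the role as grantee.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND table_name = 'ORDERS';

-- 6. What the application issues after connecting as the user.
--    SET ROLE replaces the session's enabled roles, so any other roles
--    the session still needs must be listed in the same statement.
SET ROLE app_update_role IDENTIFIED BY "REPLACE_WITH_ROLE_PASSWORD";

-- 7. Check from inside a session: the role is listed only after step 6.
SELECT role FROM session_roles;
```

From client-side PL/SQL, the same statement can be issued with `DBMS_SESSION.SET_ROLE`, passing the text that follows `SET ROLE` as its argument.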
