Re: Question About Oracle Security issue.....

From: Richard <richchen_at_ms6.hinet.net>
Date: Thu, 5 Apr 2001 23:05:31 +0800
Message-ID: <9ai1dv$9el_at_netnews.hinet.net>


Hello,

Thank you Cliff and Daniel.

To prevent potential fraud caused by internal staff is the primary reason I need this solution.

Some developers/power users may "spy" on the confidential information in databases. The confidential information means the data itself and the database schema.

For technical guys, it is easy to intrude into a database with some tools like SQL*PLUS (to get more data information) or ERWin (to get the database schema) if they have a valid userid/password. From the viewpoint of internal audit, that is a threat to information security.

If anyone has a better solution than this one, i.e., to prevent unauthorized client machines and/or unauthorized applications from accessing the database, please share your idea with me.

Thank you...

Richard L. Chen

(PS: Actually, I don't think it would be difficult for Oracle to implement this idea.)

C Palmer <cliff_at_palmercs.com> wrote in message news:3ACC6B13.3DD6A8F8_at_palmercs.com...
> Richard, *if* the Oracle server machine is (or can be) separated from
> *all* the client machines onto a different network segment, you might be
> able to place an intelligent router between the segments and configure the
> router to deny routing to ports 1521 and 1527 on the Oracle server box
> from the specific workstations you wish. In addition to that you could
> implement challenged access in other fashions.
>
> I have to echo Daniel A Morgan's concerns about the wisdom of this
> notion. This sounds like a really unworkable idea to me and probably won't
> really solve your problem. Remember that a fair number of users know how
> to change their IP/IPX address or they can simply go sit at someone else's
> workstation.
>
> HTH
> Cliff
>
> Richard wrote:
>
> > Hi,
> >
> > Is there any possible solution to prevent unauthorized client machines
> > and/or unauthorized applications from accessing the
> > Oracle database, even with a valid USER ID and PASSWORD?
> >
> > Thanks,
> >
> > Richard
> > richchen_at_ms6.hinet.net
>
Received on Thu Apr 05 2001 - 17:05:31 CEST
