Re: implementing row level security

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Fri, 30 Apr 2004 18:58:42 -0700
Message-ID: <1083376717.759773_at_yasure>

Jan wrote:

> I had similar dilema, our model was quite complex (tree structure with
> some child tables) and we had to solve security on the node level.
> All the data were accessed through stored procedure (Insert, Update,
> Delete, Select). We started with Oracle RLS but after we decided to
> use our own solution
> - one simple table with the node privileges and procedure for checking
> those rights.
> We just put this checking procedure into our
> Insert/Update/Delete/Select procedures - that was the only way how to
> access the data. No grants on tables and schema locked.
>
> jan

And your solution will work right up until the moment when someone accesses the database with something other than the approved tool.

The minute they do ... you have zero security.

Want to take bets on 'when' it will happen? It would be unfair to wager on 'if'.

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)

Received on Sat May 01 2004 - 03:58:42 CEST

This message: [ Message body ]
Next message: Daniel Morgan: "Re: 10g Tools"
Previous message: Daniel Morgan: "Re: Forms 6, when to recompile after change of PLL?"
Maybe in reply to: Jan: "Re: implementing row level security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message