Security & Version 6 (NOT 7)

From: Andy Finkenstadt <andy_at_homebase.vistachrome.com>
Date: Sat, 9 May 1992 05:56:07 GMT
Message-ID: <1992May9.055607.3651_at_homebase.vistachrome.com>


Given: SQL*Forms 3.0.15, SQL*Menu 5.0.11, Oracle RDBMS 6.0.33 (Sun4 and Unified 386), SQL*Net TCP/IP.

In considering a multi-user database running on a Unix system with Oracle RDBMS 6.0, I plan on using the following security guidelines:

  • Each person must identify themselves to the operating system, i.e., must have their own user ID and password for logging in to the computer, accessing mail and the company bulletin board (disguised as netnews), and for running the Oracle applications we build.
  • Each person must also identify themselves to the database. Explicitly I do not want to use OPS$user accounts because of the problems this can run into when networking between DOS/MAC and Unix platforms with TCP/IP, and non-local Databases not securing OPS$user against a very simple aliased attack.
  • Each sub-application has its own userID and password controlling access to the base tables & views. Public synonyms are created for each object, but no grants are issued at the outset.
  • A series of database tables contains each object, each group, each function, the accesses required to each object by each function, and the functions required to be accessible to each group. A person is put into one or more groups, and then SQL Grant statements are created (and thence executed) allowing that person the proper union of rights necessary to complete the work they are required to do.

The above implements mandatory access controls. In addition:

  • SQL*Menu roles are also used to control the accessible applications and functions apart from the database rights granted. This allows specific access to forms that have been written to disallow certain kinds of manipulations to tables that the user IS authorized (because of another function) to perform, just not in this context. (For example, can only change salary in the personnel master form, not in the weekly time-card entry screen.)

This method outlined works. What kind of pitfalls can I expect? Has anyone else explored this issue and enforced security at such a fine level without Version 7?

-Andy

-- 
Andrew Finkenstadt         +1 904 222-ANDY home    GEnie:  ANDY
Homes & Land Publishing    +1 904 575-0189 work    ...!uunet!rde!andy
Vista-Chrome, Inc.         1600 Capital Cir SW     andy_at_vistachrome.com
GEnie Unix Sysop/Manager   Tallahassee, FL 32310   ------------------------
--
...and a UNIX user said 'rm -fr *' ...and all was without form and void...
Received on Sat May 09 1992 - 07:56:07 CEST

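The table-driven grant generation described in the post, as an added example that is not part of the original message: an in-memory SQLite database stands in for the Oracle metadata tables, and it emits the de-duplicated union of GRANT statements for one person. Every table, column, user and object name is a hypothetical, constructed sample.

```python
import re
import sqlite3

# Constructed sample data; all names here are hypothetical.
SCHEMA = """
CREATE TABLE func_access (func TEXT, owner TEXT, object TEXT, privilege TEXT);
CREATE TABLE group_func  (grp TEXT, func TEXT);
CREATE TABLE person_group(person TEXT, grp TEXT);
INSERT INTO func_access VALUES
  ('TIMECARD_ENTRY','PAYROLL','TIMECARD','SELECT'),
  ('TIMECARD_ENTRY','PAYROLL','TIMECARD','INSERT'),
  ('TIMECARD_ENTRY','PAYROLL','EMPLOYEE','SELECT'),
  ('PERSONNEL_MASTER','PAYROLL','EMPLOYEE','SELECT'),
  ('PERSONNEL_MASTER','PAYROLL','EMPLOYEE','UPDATE');
INSERT INTO group_func VALUES
  ('CLERKS','TIMECARD_ENTRY'), ('HR','TIMECARD_ENTRY'), ('HR','PERSONNEL_MASTER');
INSERT INTO person_group VALUES ('ALICE','CLERKS'), ('BOB','CLERKS'), ('BOB','HR');
"""

# DISTINCT collapses a right reached through more than one group or function.
UNION_OF_RIGHTS = """
SELECT DISTINCT fa.privilege, fa.owner, fa.object
FROM person_group pg
JOIN group_func gf ON gf.grp = pg.grp
JOIN func_access fa ON fa.func = gf.func
WHERE pg.person = ?
ORDER BY fa.owner, fa.object, fa.privilege
"""

IDENT = re.compile(r"[A-Z][A-Z0-9_$#]{0,29}")   # plain unquoted identifier
PRIVS = {"SELECT", "INSERT", "UPDATE", "DELETE"}

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def grants_for(conn, person):
    """Return GRANT statements giving `person` the union of their groups' rights."""
    stmts = []
    for priv, owner, obj in conn.execute(UNION_OF_RIGHTS, (person,)):
        # These rows become executed SQL, so reject anything but plain identifiers.
        if priv not in PRIVS or not all(IDENT.fullmatch(x) for x in (owner, obj, person)):
            raise ValueError(f"unsafe entry: {priv} {owner}.{obj} -> {person}")
        stmts.append(f"GRANT {priv} ON {owner}.{obj} TO {person}")
    return stmts

if __name__ == "__main__":
    print("\n".join(grants_for(demo_db(), "BOB")))
```

Because the generated statements are executed with the rights of the sub-application owner, write access to the metadata tables is equivalent to the ability to grant, which is why the generator validates each row before emitting it.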