Application Security.
From: Anil Sinha <sinha_at_watson.bms.com>
Date: Tue, 21 Jul 1992 20:00:00 GMT
Message-ID: <21JUL199215002997_at_watson.bms.com>
Date: Tue, 21 Jul 1992 20:00:00 GMT
Message-ID: <21JUL199215002997_at_watson.bms.com>
Hi Database Gurus,
I would appreciate feedback as how is/was security implemented in your database application using Oracle 6.# and plans as to how they would do it in version 7. Especially taking into consideration the following
- Maximum level to which the security could be implemented so that whatever tools the user used to logon to the database, this minimum level of security would be available at the data level. Egs Using views or other means. How about row level security or am I just dreaming ?
- One has a situation in which the user can only modify the data using this application. So develop the application such that only one Oracle username is used to logon to database but provide within the application username/password implementation which looks like database username. In this case the user does not know the application username/password so cannot log on using other tools like Sql*Plus or third party tools. The draw back to such an implememtation is that one is reinventing the wheel to implement security level which may be available at the database level (egs. Roles in version 7.0 ).
Or forget the overhead, its not worth it Or go for Trusted Oracle
Thanks in advance.
Anil Sinha
internet: sinha_at_watson.bms.com
Received on Tue Jul 21 1992 - 22:00:00 CEST