Re: Trojan Horses in ORACLE 6 SQL*net connections
I have a forms application that I developed for Macintoshes going against
a Sun SS2 running ORACLE6. The application had to have as much security
as was available at the time. So, I controlled access to the data by
controlling the account the users log into. Essentially use the discretionary
access control that is available in ORACLE6. In these accounts, I create
synonyms that point to views in a master account. In the master account,
the views are on the tables that the users ultimately access. So, with
the views, I can control access to what data the user sees. On the tables,
I can limit the kind of access the users have (select,insert,update,delete)
and can also limit what columns can be affected (update option only). This
application was coupled with a extensive administration package that can
create and modify user accounts and thus access to the data. On the front
end side, I use menu roles and several different forms that corrispond
to the pseudo-roles I set up on the server.
I don't know whether this completely addresses your problem but I thought it
might help give you some ideas. If you have any questions, go ahead and
email me or post to this news group.
Regards,
Geo.
George Oliver
NRaD, Code 4221
oliver_at_nosc.mil
All opinions my own
Received on Wed Sep 15 1993 - 18:16:32 CEST
Original text of this message