Database Security

From: Yisheng <dongwei_at_creek.eel.ufl.edu>
Date: Mon, 6 Feb 1995 20:06:10
Message-ID: <dongwei.15.00141AEE_at_creek.eel.ufl.edu>


I would like to discuss with anyone who has experience in Oracle database security. Any suggestions are also appreciated. Right now we are facing a very important issue in database development. We use Oracle as our database server. In our application code we would like to have different roles enabled at different times. To do this we create different roles and grant them to all the users. By using Alter User Default Role None, we disable all the roles for all the users, and we use the Set Role command in the application code to enable different roles at different times. It looks fine at first look. However, if it happens that any of the users gets a chance to have a look at the source code, he would be able to grant a role to himself by writing his own application code. It is really a big hole in the security of the Oracle database. We don't want the users to get any information from the application code. But it looks like Oracle can't do anything about it. I would like to hear from you about this security stuff in Oracle.

                                   Brant

My E-Mail: dongwei_at_creek.eel.ufl.edu

Received on Mon Feb 06 1995 - 20:06:10 CET
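The role setup described in the message, next to one way a role can be tied to server-side code, as an added example that is not part of the original post. All role, user, schema and procedure names (`order_entry`, `alice`, `app.orders`, `sec_admin.enable_order_entry`) and the IP address are hypothetical, and the `IDENTIFIED USING` form (secure application roles) comes from Oracle releases later than the one available in 1995.

```sql
-- Added example; every object name below is hypothetical.

-- 1. Setup as described in the post: the role is granted to the user
--    but is not enabled at login.
CREATE ROLE order_entry;
GRANT SELECT, INSERT ON app.orders TO order_entry;
GRANT order_entry TO alice;
ALTER USER alice DEFAULT ROLE NONE;

-- The application enables the role at run time.
SET ROLE order_entry;

-- Because the role is granted directly to alice, the same statement is
-- accepted in any session alice opens, not only the application's.
-- Review which grants are in that state:
SELECT grantee, granted_role
FROM   dba_role_privs
WHERE  default_role = 'NO';

-- 2. Secure application role: the role can be enabled only from inside
--    the named procedure, so the decision is made on the server.
CREATE ROLE order_entry_sec IDENTIFIED USING sec_admin.enable_order_entry;
GRANT SELECT, INSERT ON app.orders TO order_entry_sec;

CREATE OR REPLACE PROCEDURE sec_admin.enable_order_entry
  AUTHID CURRENT_USER            -- invoker's rights are required to enable a role
AS
BEGIN
  -- Assumed policy: only sessions arriving from the application server.
  IF SYS_CONTEXT('USERENV', 'IP_ADDRESS') = '192.0.2.10' THEN  -- constructed address
    DBMS_SESSION.SET_ROLE('order_entry_sec');
  END IF;
END;
/

-- Users receive EXECUTE on the procedure, not the role itself.
GRANT EXECUTE ON sec_admin.enable_order_entry TO alice;

-- A direct "SET ROLE order_entry_sec" from an ad hoc session is rejected;
-- the role is active only after the procedure's check has passed.
EXEC sec_admin.enable_order_entry;
SELECT role FROM session_roles;  -- lists the roles enabled in this session
```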
