Re: Restricting access to Oracle database to only Oracle Forms

From: kauder <kauder_at_audv01.aud.alcatel.com>
Date: 8 Mar 1995 16:21:19 GMT
Message-ID: <3jklhv$1s4_at_fozzy.aud.alcatel.com>

Kenneth.D.Atkins_at_tek.com (Kenneth D Atkins) wrote:
> >>You could setup a database role with a password, give it the appropriate
> >>access to your application and hard code the password into your
> >>application's startup form. There is a discussion and example of this in
> >>appendix J of the Oracle*Forms reference manual.
> >>

> >And how do you provide password aging and force change of passwords every
> >N days as required by many security policies and procedures, both corporate and
> >governmental?

> >Embedding passwords in clients (whether shown in some "Appendix J" or not) is not
We had a similar problem of removing the need for the user to explicity log on to the database. We needed to have separate logon for ad-hoc queries as opposed to update thru SQL forms. This was acheived by layering a security layer on top of the launch SQLforms. A VB program communicating with a centralized server validates the "network user" ID and then activates a server to translate the "network user" ID into the Oracle ID/PASSWORD for the application. This eliminates the need for embedding the id/password in the application. Also generic ID's can be established just for query. If you let people use their Oracle ID/password to query with then you run the risk of letting them change their Roles and updating data via ODBC/MSQuery or Glue from Excel !!
Terry C Kauder
Alcatel Network Systems
kauder_at_audv01.aud.alcatel.com Received on Wed Mar 08 1995 - 17:21:19 CET

This message: [ Message body ]
Next message: Craig Kasold: "Re: Forms 3.0 to Forms 4.0 conversion (Question)"
Previous message: Anton Dischner: "Re: Maximum Datafile Size Question"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message