Re: Advice : Security on Oracle - set role at application
Date: 1995/06/21
Message-ID: <3s9ghq$rv5_at_linda.teleport.com>#1/1
We had a similar situation and what we did is what you describe here.
- a user has a 'viewer' type default role which has 'select' only access
to objects
- within the application we execute a 'set role' command. this
write-enabled to particular objects role is password protected. we did
the no-no of hardcoding this password into the application itself. we
could not come up with a way of getting around putting the password in an
easily modifiable area (so it could be easily changed by an
administrator) at the time. there should be a way to do this using
packages/procedures which have public private areas where the owner of
the package has an 'administrator' user id so it can access a table only
the administrator has access to.
xxxxx (yyyyy_at_hk.linkage.net) wrote:
: Our company uses VB as a development tool and Oracle on Windows NT as the backend.
: There is a security policy suggested by the menu 'Application Developer Guide'
: from Oracle. In order to prevent the use of ad hoc tools, such as SQL Plus, to access
: the database and perform destructive actions, the default role should be non
: destructive or all roles should be disabled after logon. When the user runs the application,
: the application should issue 'set role' to give the right privileges to perform
: the task.
: The idea is great, but how can I 'set role' through the application?
: Your comments are appreciated!
: Best Regards,
: Phyllis Wong
: wphyllis_at_hk.linkage.net
--Received on Wed Jun 21 1995 - 00:00:00 CEST
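
The setup described in the reply above, as an added example that is not part of the original thread: a read-only default role plus a password-protected write role enabled with SET ROLE. It goes one step further and shows a secure application role (CREATE ROLE ... IDENTIFIED USING, available from Oracle9i on, so later than this post), which removes the hardcoded password. All schema, role, user and table names, the password and the IP check are hypothetical.

```sql
-- Run as a DBA. Every name below is a constructed placeholder.

-- 1. Read-only role: the only role active when the user logs on,
--    so SQL*Plus or any other ad hoc tool gets SELECT and nothing more.
CREATE ROLE app_viewer;
GRANT SELECT ON app_owner.orders TO app_viewer;

-- 2a. Approach from the post: password-protected write role.
--     The application has to carry the password to enable it.
CREATE ROLE app_writer IDENTIFIED BY "placeholder_password";
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO app_writer;

GRANT app_viewer, app_writer TO app_user1;
ALTER USER app_user1 DEFAULT ROLE app_viewer;  -- app_writer stays off at logon

-- Issued by the application after it connects:
SET ROLE app_viewer, app_writer IDENTIFIED BY "placeholder_password";

-- 2b. Secure application role: no password anywhere. The role can only be
--     enabled from inside the named procedure, which decides whether to.
CREATE ROLE app_writer_sar IDENTIFIED USING app_sec.enable_writer;
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO app_writer_sar;

CREATE OR REPLACE PROCEDURE app_sec.enable_writer
  AUTHID CURRENT_USER  -- invoker's rights: required to set roles from PL/SQL
AS
BEGIN
  -- Constructed policy check: only sessions from the application subnet.
  IF SYS_CONTEXT('USERENV', 'IP_ADDRESS') LIKE '10.1.%' THEN
    DBMS_SESSION.SET_ROLE('app_viewer, app_writer_sar');
  ELSE
    RAISE_APPLICATION_ERROR(-20001, 'write role not available for this session');
  END IF;
END;
/

GRANT EXECUTE ON app_sec.enable_writer TO app_user1;
GRANT app_writer_sar TO app_user1;
ALTER USER app_user1 DEFAULT ROLE app_viewer;

-- Issued by the application after it connects:
-- BEGIN app_sec.enable_writer; END;
```

With 2a, anyone who extracts the password from the client binary can issue the same SET ROLE from an ad hoc tool; with 2b the decision is made server-side, so the check in the procedure should rely on attributes the client cannot set freely.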