Re: Advice : Security on Oracle - set role at application

From: Larry Fishman <larryf_at_teleport.com>
Date: 1995/06/26
Message-ID: <3smkeb$9sr_at_linda.teleport.com>#1/1

MMason (mmason_at_c-s-p.com) wrote:
: In article <yyyyy.3.003B9959_at_hk.linkage.net>, yyyyy_at_hk.linkage.net says...
: >

: >The idea is great, but how can I 'set role' through application?
: >Yours comment is appreciate!
: >
: >

: You have to use dbms_session package. e.g. : dmbs_session.set_role ( 'rolenamewithupdateprivs identified by password' );

I am not familiar with this package but it would be the way I would like to do it. Right now we do it by using the actual 'set role identified by xxx' command in the application and distributing the application in a compiled form. So it has obvious administrative weakness of not being able to change the role password until the next version of the application comes out. By having it in a package, the password may be changed and package/procedure recompiled without going out to the client application. (maybe our next release of the app ;-)

--

Received on Mon Jun 26 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: Paul Eggert: "Re: sysdate, Time Zones and GMT"
Previous message: John Higley: "Re: Advice : Security on Oracle - set role at application"
Maybe in reply to: xxxxx: "Advice : Security on Oracle - set role at application"
Next in thread: Paul Eggert: "Re: sysdate, Time Zones and GMT"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message