Re: Oracle Security

From: Jim Winterroth <jwinter_at_qdrs2a.stg.trw.com>
Date: 1995/07/17
Message-ID: <3udscq$ja1_at_ns1.nba.TRW.COM>#1/1

smorrow_at_dotrisc.cfr.usf.edu (Steve Morrow) wrote:

> We want to ensure that our users access a database thru a particular application,
> and not thru SQL*PLUS, or some other Oracle or 3rd party reporting tool or
> database residing on another host. Users will be restricted from the UNIX
> command line, and thus won't be able to execute commands.
>
> I understand that the PRODUCT_USER_PROFILE table will allow you to 'disable'
> what user's can do within SQL*PLUS, but can other tools be specified? And
> moreover, is there a way of restricting access from other programs/DBs/tools?
> Does SQL*NET have such a capability to filter out users NOT coming in thru
> this application?
>

In V6 I was able to use a view which joined the name of the application to the table (getting the app name from V$PROCESS). Thus the users could only see the data if they logged in with a program that had the same name as the one I wrote. I think this is possible in V7, but I switched to using roles for security and never persued it. PRODUCT_USER_PROFILE for some strange reason is only enforced against Oracle products, SQL*Plus, SQL*Forms etc. I would still load PRODUCT_USER_PROFILE just to protect against a user who obtains SQL*Plus on his own and figures out how to connect to the database.

Jim Received on Mon Jul 17 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: Lee Parsons: "Re: Oracle Security"
Previous message: Martin Rapier: "Re: Oracle Security"
In reply to: Steve Morrow: "Oracle Security"
In reply to Steve Morrow: "Oracle Security"
Next in thread: Lee Parsons: "Re: Oracle Security"
Reply: Lee Parsons: "Re: Oracle Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message