Re: Oracle Security

From: Lee Parsons <lparsons_at_eskimo.com>
Date: 1995/07/17
Message-ID: <DBvGH2.KLv_at_eskimo.com>#1/1

Jim Winterroth <jwinter_at_qdrs2a.stg.trw.com> wrote:
>
>In V6 I was able to use a view which joined the name of the application
>to the table (getting the app name from V$PROCESS). Thus the users could
>only see the data if they logged in with a program that had the same name as
>the one I wrote.

Anybody ever tried putting an on insert triger on aud$ and auditing sessions. I figure you could design the trigger to look for a set of allowed programs and kill the session of any user that doesn't meet the profile.

We could get the program name out of a v$ table but I don't know if we could trust the name being given us since it would be provided by a untrusted client. still it would get the casual Pc user.

Besides being really slow on login, why wont this work. I assume it wont because if it did we would have heard about it before.

>PRODUCT_USER_PROFILE for some
>strange reason is only enforced against Oracle products, SQL*Plus, SQL*Forms
>etc.

Because only Oracle products look at PUP to see if an entry exits?

-- 
Regards, 

Lee E. Parsons                  		
Systems Oracle DBA	 			lparsons_at_world.std.com

Received on Mon Jul 17 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: Cobus Theunissen: "Re: SQL*Net & Win95"
Maybe in reply to: Steve Morrow: "Oracle Security"
In reply to Jim Winterroth: "Re: Oracle Security"
Next in thread: Cobus Theunissen: "Re: SQL*Net & Win95"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message