Re: SQL*Net Security Question
Date: 1995/09/06
Message-ID: <42ittb$nnv_at_ixnews5.ix.netcom.com>#1/1
>
>In article <42gi3h$rkj_at_ixnews2.ix.netcom.com>, kmelcher_at_ix.netcom.com
>says...
>>
>>Does anyone have any suggestions on a way to restrict SQL*Net access
>>to specific client machines or specific users?
>>
>>For instance, I would like for our DBA's to be able to access
>>our servers via SQL*Net. They will always be connecting from their
>>individual workstations using consistent userids. However, I
>>do not want any other machines or users on the net to have access
>>to the servers via SQL*Net.
>>
>>Any suggestions?
>
>Users need connect-privilegies to access the databases - so there
should
>be no reason to limit the access to SQL*Net ?
>
Except in the case where you have security set up in such a fashion
such that the only non-dba connections should be coming through a
TP-monitor such as Tuxedo, which handles its own security functions.
In our case, we want noone connecting via SQL*PLUS or any other
mechanism other then Tuxedo with the exception of the DBAs. The
problem is, SQL*Net poses a potential hole in the case where someone
might discover a database userid/password and connect to the database
without having to authenticate themselves to either the application or
the operating system (O/S ids on the production system are restricted
to tech support staff only). Hence, my desire to control access via
SQL*net to only specific client machines (preferably) or specific
O/S users.
KM Received on Wed Sep 06 1995 - 00:00:00 CEST