SQL*Net Security Question

From: Christian Guenther <dbbetr_at_ztivax.zfe.siemens.de>
Date: 1995/09/06
Message-ID: <42jeis$303_at_outlaw.zfe.siemens.de>#1/1


kmelcher_at_ix.netcom.com (Kenneth Melcher) wrote:

>Except in the case where you have security set up in such a fashion
>such that the only non-dba connections should be coming through a
>TP-monitor such as Tuxedo, which handles its own security functions.
>In our case, we want no one connecting via SQL*PLUS or any other
>mechanism other than Tuxedo with the exception of the DBAs. The
>problem is, SQL*Net poses a potential hole in the case where someone
>might discover a database userid/password and connect to the database
>without having to authenticate themselves to either the application or
>the operating system (O/S ids on the production system are restricted
>to tech support staff only). Hence, my desire to control access via
>SQL*net to only specific client machines (preferably) or specific
>O/S users.

I have two ideas, not the best, but some way to make it more difficult to connect to the database.
Do not use the default TCP/IP port for SQL*Net, so the users have to add the right port number to their connect string.

Another idea is to protect all roles you use with a password that is only known by the application.
No user gets a default role, so if a user connects to the database via SQL*Net, he can do nothing because he has no privileges. Only if he connects via the application does he get his roles active, so that he can work.

I know that is not exactly what you wanted to know, but I think there is no way to forbid a connection via SQL*Net if it's running.

Christian


Christian Günther                   dbbetr_at_ztivax.zfe.siemens.de
Siemens AG RK M/Pdb32
Tel. 089/63643965

Received on Wed Sep 06 1995 - 00:00:00 CEST
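The password-protected role setup suggested in the reply above, written out as an added example (not part of the original post). The role, user, table and password names are hypothetical placeholders, and the statements are standard Oracle SQL run as a DBA.

```sql
-- Added example. All names are constructed: role ORDER_ENTRY,
-- user APPUSER1, table APP.ORDERS, password role_pw_placeholder.

-- 1. A role that can only be enabled by someone who knows its password.
CREATE ROLE order_entry IDENTIFIED BY role_pw_placeholder;

-- 2. Object privileges go to the role only, never directly to the user.
GRANT SELECT, INSERT, UPDATE ON app.orders TO order_entry;

-- 3. The user may log in and holds the role, but it is not enabled at logon.
GRANT CREATE SESSION TO appuser1;
GRANT order_entry TO appuser1;
ALTER USER appuser1 DEFAULT ROLE NONE;

-- 4. What a direct SQL*Net / SQL*Plus session sees after connecting
--    with the user's own userid/password:
SELECT role FROM session_roles;      -- no rows: no role is active
SELECT COUNT(*) FROM app.orders;     -- fails with ORA-00942

-- 5. What the application does on the user's behalf after connecting
--    (the role password lives only in the application):
SET ROLE order_entry IDENTIFIED BY role_pw_placeholder;
SELECT COUNT(*) FROM app.orders;     -- now succeeds

-- 6. DBA check: password-protected role grants that are still enabled by
--    default at logon, which would bypass the scheme.
SELECT p.grantee, p.granted_role
  FROM dba_role_privs p, dba_roles r
 WHERE p.granted_role = r.role
   AND r.password_required = 'YES'
   AND p.default_role = 'YES';

-- 7. DBA check: object privileges granted straight to the user or to
--    PUBLIC stay usable without any role, so this should list nothing
--    sensitive.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('APPUSER1', 'PUBLIC')
   AND owner = 'APP';
```

The protection is only as strong as the secrecy of the role password: anyone who recovers it from the application or its configuration can issue the same SET ROLE from any client.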
