Re: Need advice about security with GUI front ends

From: Ricardo Venturini <Ricardo>
Date: 1995/11/01
Message-ID: <476tek$133o_at_esrinr.cs.esrin.esa.it>#1/1


Donna Kray <kray.donna_at_mlink.motors.ge.com> wrote:
>I'm looking for ideas about security for GUI front ends. I don't (of
>course) want users logging in with an account and/or role that allows the
>privileges needed by the application because they could bypass the
>application with SQL*Plus or Access. I don't really want
>username/password embedded in the executable for maintenance reasons.
>
>How is this being handled in other shops? I'm looking for any ideas,
>theoretical or practical, since we're brainstorming now. Thanks.
>
>Please make sure responses are mailed to kray.donna_at_mlink.motors.ge.com
>Thanks, DL Kray
>

Donna

  1. Create application role with password and grant objects to role.
  2. Grant the role to the users, making sure that it is not granted as a default role (it will be disabled when the user creates a session).
  3. As soon as the user enters the application set the role within your application. The role password can be hardcoded/encrypted within the application (even better retrieve the encrypted password from a ref table).
  4. When a user goes to SQL*Plus or other he/she cannot set the role, because he/she does not know the password.

Ricardo

_______   _______________________________________________________________
       \ /       Ricardo Venturini - Software Engineer
      _.?._      European Space Agency - ESRIN Frascati - Italy
     (o) (o)     Ricardo.Venturini_at_mail.esrin.esa.it  Tel:39 6 94180 469
____/ \./ \____These opinions are not necessarily my employers_________

Received on Wed Nov 01 1995 - 00:00:00 CET
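
The four steps in the reply above, written out as Oracle SQL, with two checks a DBA would run afterwards. This is an added example, not part of the original post; `app_owner.orders`, `order_app_role`, `jsmith` and the role password are constructed placeholders.

```sql
-- Step 1: password-protected application role; object privileges go to the
-- role only, never directly to end users.
CREATE ROLE order_app_role IDENTIFIED BY "Constructed_Role_Pw_1";
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO order_app_role;

-- Step 2: grant the role, then exclude it from the user's default roles so
-- it is not enabled when a session starts.
GRANT order_app_role TO jsmith;
ALTER USER jsmith DEFAULT ROLE ALL EXCEPT order_app_role;

-- Step 3: issued by the application right after it connects as the user.
-- SET ROLE disables every role not named in the statement, so name any
-- other role the session still needs in the same list.
SET ROLE order_app_role IDENTIFIED BY "Constructed_Role_Pw_1";

-- Step 4: what the same user sees from SQL*Plus or another ad hoc client.
SELECT role FROM session_roles;      -- order_app_role is not listed
SELECT COUNT(*) FROM app_owner.orders;
                                     -- ORA-00942: table or view does not exist
SET ROLE order_app_role;             -- ORA-01979: missing or invalid password

-- Check 1 (DBA): the role must show DEFAULT_ROLE = 'NO' for every grantee.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'ORDER_APP_ROLE';

-- Check 2 (DBA): no direct or PUBLIC grants on the application objects,
-- which would let a user skip the role entirely. Expect only the role here.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND grantee <> 'ORDER_APP_ROLE';  -- any row returned is a bypass path
```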
