Re: How to limit ODBC Access?
Date: 1996/02/27
Message-ID: <31338A8A.709_at_aud.alcatel.com>#1/1
BILL KIENZLE wrote:
>
> Does anyone know of an ODBC "firewall"?
> At my site, it seems that a user with Oracle access can install, for
> instance, Microsoft Access with an Oracle ODBC driver to get at the
> database. We have special security built in to our application. A user
> could get around this security with a program like Access. This would
> be a problem.
>
> Is there a way to lock out unwarranted ODBC access to Oracle?
> TIA
> Bill

The only way to handle this problem is not very elegant.
1) You can assign roles to each user and have default with roles
turned off, the application then turns the roles on. Problem is,
a hacker could get round this by setting roles on from ODBC.
A PL/SQL stored procedure could be written to enable roles via
some kind of encryption mechanism.
2) You could assign different IDs, one ID for updates, another for
select only.
3) You could write a security server that authenticates the user,
translates the userid into an internal oracleid/password combo then
passes this to the application to use as a login. User in this case
would never need to know their oracleid. For queries you could assign
a generic ID.
Received on Tue Feb 27 1996 - 00:00:00 CET
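
Option 1 from the reply above, sketched as an added example that is not part of the original post: the application privileges sit in a role that is off at login, and the role can be enabled only through an invoker's-rights stored procedure that checks the session first. It goes beyond the post by using Oracle's secure application role syntax (`IDENTIFIED USING`), a feature of Oracle releases later than this 1996 thread; the names `app_owner`, `app_update`, `enable_app_role`, `orders`, `bill` and the subnet check are hypothetical.

```sql
-- Added example; every object name and the subnet below are hypothetical.
-- Run as a DBA account.

-- 1. Role that can only be enabled from inside app_owner.enable_app_role.
CREATE ROLE app_update IDENTIFIED USING app_owner.enable_app_role;

-- 2. Object privileges go to the role, never directly to end users.
GRANT SELECT, INSERT, UPDATE, DELETE ON app_owner.orders TO app_update;

-- 3. The user holds the role, but it is not enabled at login.
GRANT CREATE SESSION TO bill;
GRANT app_update TO bill;
ALTER USER bill DEFAULT ROLE NONE;

-- 4. Gatekeeper procedure. It must be invoker's rights (AUTHID CURRENT_USER):
--    DBMS_SESSION.SET_ROLE cannot be called from definer's-rights code.
CREATE OR REPLACE PROCEDURE app_owner.enable_app_role
  AUTHID CURRENT_USER
AS
  v_ip VARCHAR2(64) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
BEGIN
  -- Constructed policy: only sessions from the application-tier subnet.
  -- Values the client sets itself (module, program name) should not be
  -- the deciding check, because an ODBC client can set them too.
  IF v_ip IS NULL OR v_ip NOT LIKE '10.20.30.%' THEN
    RAISE_APPLICATION_ERROR(-20001, 'app_update not available from this session');
  END IF;
  DBMS_SESSION.SET_ROLE('app_update');
END enable_app_role;
/

GRANT EXECUTE ON app_owner.enable_app_role TO bill;

-- 5. The application calls this right after connecting:
--      BEGIN app_owner.enable_app_role; END;
--    A direct ODBC session that skips the call, or fails the check,
--    can log in but has no privileges on the application tables.

-- 6. Verify from a test session before and after the call:
SELECT role FROM session_roles;
```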