Re: How to limit ODBC Acess?

From: Terry Kauder <Terry_Kauder_at_aud.alcatel.com>
Date: 1996/02/27
Message-ID: <31338A8A.709_at_aud.alcatel.com>#1/1

BILL KIENZLE wrote:
>
> Does anyone know of an ODBC "firewall"?
> At my site, it seems that a user with Oracle access can install, for
> instance, Microsoft Access with an Oracle ODBC driver to get at the
> database. We have special security built in to our application. A user
> could get around this security with a program like Access. This would
> be a problem.
>
> Is there a way to lock out unwarranted ODBC access to Oracele?
> TIA
> BillThe only way to handle this problem is not very elegant.
1) You can assign roles to each user and have default with roles turned off, the application then turns the roles on. Problem is, a hacker could get round this by setting roles on from ODBC. A PL/SQL stored procedure could be written to enable roles via some kind of encryption mechanism.
2) You could assign different ID's, one ID for updates, another for select only.
3) You could write a security server that authenticates the user, translates the userid into an internal oracleid/password combo then pass this to the application to use as a login. User in this case would never need to know thier oracleid. For queries you could assign a generic ID. Received on Tue Feb 27 1996 - 00:00:00 CET

This message: [ Message body ]
Next message: Kent Zabriskie: "product search: Looking for a Contract Management System - help!"
Previous message: afischer_at_ea.com: "Re: How to limit ODBC Acess?"
In reply to BILL KIENZLE: "How to limit ODBC Acess?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message