Re: Question About Oracle Security issue.....
Date: Sat, 7 Apr 2001 13:10:14 -0400
Message-ID: <9anhqe$pg4$1_at_bob.news.rcn.net>
depending on your specific environment, there are some other measures that can be taken. you can require operating system authentication separately from database authentication. then you can limit database access to specific operating system accounts. now the perpetrator must have two accounts to access the system.
one can use roles to limit user's or group's column and row level access, so users can see precisely only the information or data fields and data values they are supposed to see. one approach to implementing this scheme is to create a CRUD matrix (Create, Read, Update, Delete) at the appropriate level of granularity (table, column, row).
one can also implement LDAP if it is worth the effort. there is also another version of oracle, called Trusted Oracle, if the information really is that sensitive. the DoD uses Trusted Oracle for processing classified information. it has additional security features.
if you would like further assistance with oracle security, just drop me a line.
"Richard" <richchen_at_ms6.hinet.net> wrote in message
news:9ah3o6$k47_at_netnews.hinet.net...
> Hi,
>
> Is there any possible solution to prevent unauthorized client machines
> and/or unauthorized applications to access
> Oracle database, even with valid USER ID and PASSWORD ??
>
> Thanks,
>
> Richard
> richchen_at_ms6.hinet.net
>
>
>
Received on Sat Apr 07 2001 - 19:10:14 CEST