Re: Keeping users out ...
Date: 5 Mar 2002 02:28:17 -0800
Thanks for the reply, Ruud.
I like the idea of control of access being through accounts because we
can trace/audit the action of that individual account and we can use
the database-server's security scheme. I also like the idea of
'phantom/temporary' accounts because it keeps the view of security
simple, when it's up for discussion/debate. Partly, I'm trying to protect the data and performance from the users and partly I desire a 'defensive' security-scheme because I'm looking to be able to demonstrate that security breaches probably came from a user-required/employed dba-person (i.e. the customer has insisted on having one of their people installed with full dba rights), not from a
'weak/optimistic' implementation by the software guys -- meaning 'us'.
Of course, it's a bit complicated and has its own problems, including cleaning out old phantom accounts left around after broken connections.
Incidentally, I've just learnt we have to impose a 'hierarchical' security scheme, as well: Big Boss sees everything; littler boss sees less, workers see least. Imagine a mountain: Big Boss at the top can look down; littler boss at 80percent altitude can only look down on 80 percent, not up ... you get the picture. This could be 'interesting' ...... (yes, you've guessed it ... it's salary-related data)
Ruud de Koter <ruud_dekoter_at_hp.com> wrote in message news:<3C834782.29A2D163_at_hp.com>...
If I follow you this far, I see an easier solution in the definition
of a single
database account for the application. This account can do anything, at least on
its own tables, but it might even be a DBA-account. Application users would not
get a database account.
Application users would simply connect to the application, where an
authorisation structure is in place for them (that would be the basis
for the DB
account, in your plan). In my plan this authorisation structure would be used to
autorise database actions, instead of creating the additional accounts.
Unless I am missing something, this seems a lot easier to me...
Ruud. Received on Tue Mar 05 2002 - 11:28:17 CET