| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: User access within/outside of app
we had a solution for home-grown powerbuilder apps using set_client_info, that triggers verified that info from v$session before any dml happened.
if you're interested in that solution, drop me a line and i'll explain it.
joe
Larry Hahn wrote:
>
> Jon,
>
> This is one of the options we have talked about. This
> will require the vendor to do a bit of progamming. But
> since they havent provided any security to this point,
> it is the least they can do.
>
> I'm just wondering if anyone has any ideas we can use
> as a stop gap until the app is changed.
>
> Thanks again for your help, Jon.
>
> Larry Hahn
> DB Manager
> Journal Sentinel, Inc.
>
> --- Jon Walthour <jonw_at_fuse.net> wrote:
> > Larry:
> >
> > Upon rereading your post (this time with my eyes
> > open!), I see your
> > problem. Hmm. I worked with a developer who did
> > something like this. I
> > don't know all the details, but I seem to recall
> > that he didn't put the
> > password in the DSN for the ODBC connection, but
> > rather encrypted it in
> > an .ini file that the app decrypted and used to log
> > into the database.
> > That way, the users couldn't use the ODBC connection
> > with that userid
> > outside of the app. That may not be an option for
> > you here, but that's
> > about all I can think of as an alternative.
> >
> > Jon Walthour
> > -----Original Message-----
> > Sent: Tuesday, August 21, 2001 3:36 PM
> > To: Multiple recipients of list ORACLE-L
> >
> >
> > Jon,
> >
> > Thanks for the response. But these users still need
> > to
> > do updates through the app. I only want to keep them
> > from doing updates from outside the app.
> >
> > Larry
> > --- Jon Walthour <jonw_at_fuse.net> wrote:
> > > Create another user with select privileges only on
> > > the objects in the app's schema. Give that one to
> > > them and then change the password on the original
> > > app id so they won't be able to use that one
> > > anymore.
> > >
> > > Jon Walthour
> > > >
> > > > From: Larry Hahn <lhahn_60_at_yahoo.com>
> > > > Date: 2001/08/21 Tue AM 11:21:04 EDT
> > > > To: Multiple recipients of list ORACLE-L
> > > <ORACLE-L_at_fatcity.com>
> > > > Subject: User access within/outside of app
> > > >
> > > > List,
> > > >
> > > > We have purchased a system where users login
> > > through
> > > > an ODBC connection using a generic Oracle
> > userid.
> > > This
> > > > userid has full rights to do insert, update,
> > > delete,
> > > > select on any table in the schema. The app asks
> > > for
> > > > another username and password which checks the
> > > > application security table, which limits what
> > > areas of
> > > > the apps they can access.
> > > >
> > > > Although this may work fine for the app, the
> > users
> > > > also have the ability to use Access and other
> > ODBC compliant
> > > > programs to look at the data. When doing
> > > so,
> > > > they use the same ODBC DSN and, what do you
> > know,
> > > they
> > > > have capabilities beyond their wildest
> > > imagination.
> > > >
> > > > This is obviously not a situation I want to
> > > implement.
> > > > I am looking for a way to allow a user into the
> > > app to
> > > > do their normal work, but only allow read access
> > > for
> > > > anything outside the app.
> > > >
> > > > Any suggestions or ideas would be more than
> > > welcome.
> > > >
> > > > Thanks,
> > > >
> > > > Larry Hahn
> > > > Journal Sentinel, Inc.
> > > >
> > > >
> > __________________________________________________
> > > > Do You Yahoo!?
> > > > Make international calls for as low as
> > $.04/minute
> > > with Yahoo! Messenger
> > > > http://phonecard.yahoo.com/
> > > > --
> > > > Please see the official ORACLE-L FAQ:
> > > http://www.orafaq.com
> > > > --
> > > > Author: Larry Hahn
> > > > INET: lhahn_60_at_yahoo.com
> > > >
> > > > Fat City Network Services -- (858) 538-5051
> > > FAX: (858) 538-5051
> > > > San Diego, California -- Public Internet
> > > access / Mailing Lists
> > > >
> > >
> >
> --------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send
> > an
> > > E-Mail message
> > > > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > > 'ListGuru') and in
> > > > the message BODY, include a line containing:
> > UNSUB
> > > ORACLE-L
> > > > (or the name of mailing list you want to be
> > > removed from). You may
> > > > also send the HELP command for other information
> > > (like subscribing).
> > > >
> > >
> > >
> > > --
> > > Please see the official ORACLE-L FAQ:
> > > http://www.orafaq.com
> > > --
> > > Author: Jon Walthour
> > > INET: jonw_at_fuse.net
> > >
> > > Fat City Network Services -- (858) 538-5051
> > FAX:
> > > (858) 538-5051
> > > San Diego, California -- Public Internet
> > > access / Mailing Lists
> > >
> >
> --------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an
> > > E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > > 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB
> > > ORACLE-L
> > > (or the name of mailing list you want to be
> > removed
> > > from). You may
> > > also send the HELP command for other information
> > > (like subscribing).
> >
> >
> > =====
> > Larry Hahn
> > DBA
> > Journal Sentinel,Inc
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Make international calls for as low as $.04/minute
> > with Yahoo! Messenger
> > http://phonecard.yahoo.com/
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author: Larry Hahn
> > INET: lhahn_60_at_yahoo.com
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
> --------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in the
> > message BODY, include a line containing: UNSUB
> > ORACLE-L (or the name of
> > mailing list you want to be removed from). You may
> > also send the HELP
> > command for other information (like subscribing).
> >
> >
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author: Jon Walthour
> > INET: jonw_at_fuse.net
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
> --------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> >
> === message truncated ===
>
> =====
> Larry Hahn
> DBA
> Journal Sentinel,Inc
>
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo! Messenger
> http://phonecard.yahoo.com/
-- Joe Testa Performing Remote DBA Services, need some backup DBA support? For Sale: Oracle-dba.com domain, its not going cheap but feel free to ask :) IM: n8xcthome or joen8xct -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Joe Testa INET: teci_at_the-testas.net Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Aug 22 2001 - 06:26:21 CDT
 |
 |