Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security Problem

Re: Security Problem

From: Michael Ho <infoage_at_hk.super.net>
Date: 1997/04/14
Message-ID: <5ir78v$lhu$4@tst.hk.super.net>#1/1 







Insoo Kang wrote:


> 

> We have an application that allows you to delete and update records in

> a table.  The problem is that a same user can login using sqlplus and

> delete the entire records in a table.  In order to prevent this, I

> came up with the following scheme: revoke table access privilege if

> a user is connecting via sqlplus or any other applications.

> 

> I can write a trigger that sends a message to a pro*c application that

> revokes table access privilege, but the problem is that v$session is a

> view not a table so I can't write a trigger based on v$session view.

> Does anybody have a suggestion how I can accomplish this whether it be

> through a trigger or some other means?




In the design stage, you should already consider separate the database
password with application password.



If you only enable APP say, the user can still rename SQL*PLUS to APP
and run it.  Have you consider this ?
Received on Mon Apr 14 1997 - 00:00:00 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US