| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Using current_schema allows too much access
Thomas,
That sounds like it would work. The only issue I can see is hard
coding the role password into the app. THis is an app we sell, so the
site DBA would need the ability to initialize the password into the
application, so it wouldnt be the same at all our sites.
Thanks, Thomas
"Thomas Olszewicki" <ThomasO_at_noSpm.cpas.com> wrote in message news:<aSyX6.87295$W02.1438093_at_news1.rdc2.on.home.com>...
> Steve,
> Simplest solution is to grant all privs to a role protected by password and
> activate this role within your app only.
> If you keep password for this role known only to selected group of DBAs and
> developers you may be safe.
> HTH
> Thomas
>
> "Steve S" <stevens_at_coloradocustomware.com> wrote in message
> news:bafba412.0106181126.1ddd6027_at_posting.google.com...
> > I am trying to change our application from a application sercurity
> > model, to indeividual database users using Oracle's security. I can
> > solve the problem of accessing the applications schema by using alter
> > session set current_schema = xxx. One side effect is users could
> > potentially access the application schema using an ad-hoc tool with
> > full rights to modify data.
> >
> > Does anyone have any ideas how to get around that?
Received on Tue Jun 19 2001 - 12:51:47 CDT
 |
 |