
Re: Oracle database Security.

From: Daniel Morgan <damorgan_at_x.washington.edu>
Date: Mon, 12 Jan 2004 22:03:59 -0800
Message-ID: <1073973762.574596@yasure>


Paul Drake wrote:

> Pete Finnigan <plsql_at_petefinnigan.com> wrote in message news:<ejcHAzApztAARxiH_at_peterfinnigan.demon.co.uk>...
> 

>>>>Hi,
>>>> Can anyone suggest how to prevent inserting or deleting records
>>>>in oracle table through MS Access or VC ++ project window.
>>>>
>>>> Thanks in advance
>>>> Jesu.
>>>
>>>Sybrand's solution will work. An alternative is to use the
>>>PRODUCT_USER_PROFILE table owned by SYSTEM.
>>>
>>
>>Hi Daniel,
>>
>>Unless I am missing something I thought that the PUP stuff only works
>>with SQL*Plus because SQL*Plus goes off and checks the PUP tables at
>>relevant points in processing. This is not implemented in Access or
>>VC++, of course unless those tools pipe through SQL*Plus which I am sure
>>they don't.
>>
>>The OP doesn't give enough details but if we assume that he means
>>protecting a certain schema such that the users have the password for
>>that schema, then do as another poster suggests and create a read only
>>role and ensure that the user only has access to that role. There are
>>many ways to do this, the bottom line is to ensure that the user
>>accessing the database through MS Access and VC++ does not have any
>>privileges except select on relevant tables and cannot enable any
>>additional privileges via any other means.
>>
>>The original OP might want to take a look at
>>http://www.petefinnigan.com/orasec.htm and have a look at some of the
>>security checklists on there, they give some good ideas on securing Oracle.
>>
>>kind regards
>>
>>Pete
> 
> 
> Hi Pete.
> 
> I believe that this was covered here not long ago. Geoff Ingram has a
> routine in his book, "high performance oracle" that kills off sessions
> that don't conform to allowed executables, but still relies upon the
> program name being identifiable.
> 
> Seeing that I only have a couple of minutes before my train leaves, I
> won't cover it in detail here.
> 
> If the OP is interested he can post here or search for it on the
> archives of this newsgroup.
> 
> Paul

Well if we just want to kill executables ... no matter what they are doing ... go with SYSTEM triggers such as AFTER LOGON.

Reg: http://www.psoug.org/reference/system_trigger.html

-- 
Daniel Morgan
http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp
http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Tue Jan 13 2004 - 00:03:59 CST
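
The two controls discussed in this thread, sketched together as an added example that is not from any of the posters or from the linked reference: a SELECT-only role for the account used from MS Access or VC++, and an AFTER LOGON system trigger that rejects sessions for a DML-capable account unless the reported program name is on an allow list. The names APP_OWNER, ORDERS, APP_READONLY, REPORT_USER, APP_USER and ORDERAPP.EXE are hypothetical.

```sql
-- Added example; every object, account and program name here is hypothetical.

-- 1. Read-only role. This is the control that actually prevents
--    INSERT/DELETE, whichever client tool connects.
CREATE ROLE app_readonly;
GRANT SELECT ON app_owner.orders TO app_readonly;

-- Account handed to MS Access / VC++ users: it can connect and
-- SELECT through the role, and holds no other privilege.
CREATE USER report_user IDENTIFIED BY "placeholder_Password_1";
GRANT CREATE SESSION TO report_user;
GRANT app_readonly TO report_user;

-- 2. AFTER LOGON system trigger for APP_USER, the account that does
--    hold DML rights and is meant to be used only by ORDERAPP.EXE.
--    Create it from an account that has ADMINISTER DATABASE TRIGGER
--    and a direct grant: GRANT SELECT ON sys.v_$session TO <owner>;
CREATE OR REPLACE TRIGGER restrict_app_user_program
AFTER LOGON ON DATABASE
DECLARE
  v_program v$session.program%TYPE;
BEGIN
  IF USER = 'APP_USER' THEN
    -- Look up the program name reported for the session logging on.
    SELECT UPPER(program)
      INTO v_program
      FROM v$session
     WHERE audsid = SYS_CONTEXT('USERENV', 'SESSIONID')
       AND ROWNUM = 1;

    -- Allow list: a NULL or unexpected program name is refused.
    IF v_program IS NULL OR v_program NOT LIKE '%ORDERAPP.EXE' THEN
      RAISE_APPLICATION_ERROR(-20001,
        'APP_USER may only connect from the order application');
    END IF;
  END IF;
END;
/
```

The program name in V$SESSION is reported by the client, so the trigger only filters clients that identify themselves honestly, which is the limitation Paul mentions; the role grants are what enforce read-only access. An exception raised in a logon trigger does not block accounts that hold ADMINISTER DATABASE TRIGGER, so administrators can still connect if the trigger misbehaves.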
