Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Application authorization for a database user

Re: Application authorization for a database user

From: DA Morgan <damorgan_at_psoug.org>
Date: Thu, 23 Mar 2006 09:08:35 -0800
Message-ID: <1143133712.134205@yasure.drizzle.com> 





Peter Kim wrote:


> I was wondering if anyone has experience on controlling access to specific 

> applications for an Oracle database user. Basically, I would like to allow a 

> database user to access an Oracle database only through the specified 

> application. The application can be arbitrary (an executable, jsp, etc), 

> which cannot be transformed into a stored procedure. The application files 

> may be located under an insecure client or middle-tier machine. An idea that 

> I have is that I would store the app files to the database and build a 

> dispatcher in the client machine to authenticate and download app files and 

> launch it. It's basically building everything myself. A better idea?

> Thanks

> --

> Peter




This can be done with an AFTER LOGON trigger that looks at the
program entry in v_$session.



There is a risk that someone renaming an application can bypass
the test. But if you don't tell people how you know what app they
are using ... they won't know how to bypass the test.

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)


Received on Thu Mar 23 2006 - 11:08:35 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US