Re: Application authorization for a database user
You cannot disable local connectivity. If someone is already on your
database server, they can always use sqlplus or other client to fake
out whatever application name you are expecting and connect to the
database (assuming they would otherwise be able to connect to the
database were it not for your access control).
You can control remote connectivity by firewalling your database server and restricting access to it only by your application server. Effectively, you will build a fence around your database server with the only entrance left through your application server.
You should not base your security on the assumption that users will not figure out the checking algorithm you use or the text you are expecting to see in their environment (or any other parameter that can be easily faked out by the client).

Received on Thu Mar 23 2006 - 22:24:32 CST
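An added illustration of the point made in the post above, not part of the original message: an Oracle logon trigger that bases its decision on the network address the server itself observes, and leaves the client-reported application name out of the decision. The trigger name, the account `APP_USER` and the address `10.0.0.5` are constructed placeholders.

```sql
-- Added example. APP_USER and 10.0.0.5 are constructed placeholders for the
-- application's database account and the application server's address.
CREATE OR REPLACE TRIGGER restrict_app_user_logon
AFTER LOGON ON DATABASE
DECLARE
  -- Taken by the server from the network connection itself.
  -- It is NULL for local (bequeath) connections made on the database host.
  v_ip     VARCHAR2(256) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  -- Reported by the client. Any client program can set this to any value,
  -- so it is recorded in the error text only and never trusted.
  v_module VARCHAR2(256) := SYS_CONTEXT('USERENV', 'MODULE');
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_USER'
     AND (v_ip IS NULL OR v_ip <> '10.0.0.5')
  THEN
    -- Raising an error in an AFTER LOGON trigger rejects the session.
    RAISE_APPLICATION_ERROR(
      -20001,
      'APP_USER may connect only from the application server (module reported: '
        || NVL(v_module, 'none') || ')');
  END IF;
END;
/
```

A logon trigger does not stop accounts that hold the ADMINISTER DATABASE TRIGGER privilege (DBA accounts, for example), so it complements the firewall described in the post rather than replacing it.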