Re: Implementing security

From: Bob Morrison <rmorrison_at_cahners.com>
Date: 1997/03/11
Message-ID: <33258EC8.35DD_at_cahners.com>#1/1


Mal Heseltine wrote:
>
> Our approach has been to use an application role which has all the
> relevant object privileges for the application assigned to the role.
> The role is password protected and enabled in the application logon
> form. We don't see a need to change this password as long as the logon
> form source code is adequately protected.
>
> We developed a sort of security sub-system in Forms which is common to
> all our applications as part of our in-house menuing standard.
> The security sub-system allows profiles to be defined which have
> application functionality (menu items) assigned to them as required.
> Each end-user is assigned to a profile that is relevant for them to
> perform their job.
> Our custom menu system then builds their menu on logon based on what
> profiles they are assigned which indicates which application functions
> they have access to.
>
> Other security features we use are automatic timeouts after a certain
> period of inactivity.
> Each end-user has an Oracle account which is host-authenticated through
> the OS.
> Password standards are enforced on the OS accounts.
> For C/S systems we are investigating third-party products such as
> sql<>secure to address password standards.
>
> I wasn't real sure what you were after but hope this helps.
> Mal.
>
> Michael Leung wrote:
> >
> > Hi,
> >
> > I would like to know what the proper way of handling user security in
> > Oracle applications should be. I know that I can define an application
> > role and then set the role in an application (Oracle Forms) with a password
> > to limit user to access unnecessary objects. However, I find that this
> > approach seems not very flexible for security management purpose because I
> > need to re-compile the source code every time I have changed the password.
> >
> > Please share any experience + good reference you have. Thanks in advance.
> >
> > Michael

You might also want to look at MORE Application Manager from MORE Systems for your password management and user administration. It does a lot more than sql<>secure and will save you a lot of money. Contact Joe Doherty (617) 251-9217.

Received on Tue Mar 11 1997 - 00:00:00 CET

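The password-protected application role and host-authenticated accounts described in the quoted messages, written out as an added Oracle SQL example that is not part of the original thread. The schema, table, role and account names and the password placeholder are hypothetical, and the `ops$` account prefix assumes the default `OS_AUTHENT_PREFIX` setting.

```sql
-- Added example; every object, role and account name here is hypothetical.

-- Password-protected application role that holds the object privileges.
CREATE ROLE orders_app IDENTIFIED BY "ROLE_PASSWORD_PLACEHOLDER";

GRANT SELECT, INSERT, UPDATE ON app_owner.orders    TO orders_app;
GRANT SELECT                 ON app_owner.customers TO orders_app;

-- End-user account authenticated by the host OS (no database password).
-- Assumes OS_AUTHENT_PREFIX is left at its default of OPS$.
CREATE USER ops$jsmith IDENTIFIED EXTERNALLY;
GRANT CREATE SESSION TO ops$jsmith;

-- Grant the role but keep it out of the default set, so a session opened
-- outside the application starts with no access to the application tables.
GRANT orders_app TO ops$jsmith;
ALTER USER ops$jsmith DEFAULT ROLE NONE;

-- Issued by the application logon form after it connects. The password is
-- embedded in the form, which is why changing it means recompiling and why
-- the form source has to be protected. From PL/SQL the same statement is
-- passed through DBMS_SESSION.SET_ROLE.
SET ROLE orders_app IDENTIFIED BY "ROLE_PASSWORD_PLACEHOLDER";

-- Check from the session: the role is listed only after SET ROLE succeeds.
SELECT role FROM session_roles;

-- Check from a DBA account: confirm the role is granted but not default.
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE granted_role = 'ORDERS_APP';
```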