Re: Application security question

From: Simon Hedges <shedges_at_hhhh.freeserve.co.uk>
Date: Tue, 20 Jul 1999 20:32:22 +0100
Message-ID: <7n2itn$sm3$1_at_news6.svr.pol.co.uk>


You could try resetting a timer each time the user moves their cursor around the screen. If they fail to move the cursor or mouse for a specified period of time (e.g. 2 minutes) the timer would expire, and you could assume that they have left the workstation. The system would then log out of their required security role, and you could display a window that requires them to re-enter their role password before continuing. Each person would need their own role. Make sure that the method is approved by the management, and display a message on the re-login window explaining exactly whose idea this level of security is, and what the penalties are for lying. You could also keep a record of which users re-login and when, so that you can check if anyone logged in when they were out of the office or on leave. Let them know that this information is being recorded.

Another option would be to check access when moving between Forms - this would be relatively easy to do. You could buy biometric devices (retina readers, fingerprint readers) to ascertain identity if passwords won't do.

The best method for enforcing this level of security is by your security people swooping on PC users at unexpected moments, and asking them to verify who they are and who they are logged on as. Then have them carpeted if they violate the rules. Simple to implement and damned effective.

Simon Hedges
Gloucester
UK

Douglas Scott <dsscott_at_ev1.net> wrote in message news:Zr_k3.43$rf.14936_at_WReNphoon3...
> My company has a requirement to validate that a user
> is really who they are supposed to be within a
> particular application. This is mainly caused by
> computers being in a shared area which means that
> someone could login to the database with their Oracle
> account and then another person access the application
> and make a change that that person would not be able
> to do if they were logged into the database using
> their own account. What we want to do is implement a
> second layer of security that will prompt the user for
> a password if they try to update an item that has been
> identified as a restricted item. Does anyone know of
> a good way to do this? We don't want to store a password
> in a table that someone could see through sql.
>
> Thanks
> Douglas Scott
Received on Tue Jul 20 1999 - 21:32:22 CEST
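
An added sketch of the idle timer, role expiry and re-login record described in the reply above; it is not code from either poster. The class and function names, the injected clock and the salted PBKDF2 digest (used so the role password is never stored in readable form) are assumptions of this example.

```python
import hashlib
import hmac
import os

IDLE_LIMIT = 120  # seconds; the "2 minutes" suggested in the reply


def make_verifier(password, salt=None):
    """Return (salt, digest) so the role password itself is never stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RoleSession:
    """Hypothetical per-user role session with idle expiry and an audit trail."""

    def __init__(self, user, verifier, clock):
        self.user, self.verifier, self.clock = user, verifier, clock
        self.last_activity = clock()
        self.role_active = True
        self.audit = []  # (timestamp, user, outcome) of every re-login attempt

    def activity(self):
        """Call on cursor or mouse movement; drops the role after a long gap."""
        now = self.clock()
        if now - self.last_activity > IDLE_LIMIT:
            self.role_active = False  # user is assumed to have left the workstation
        self.last_activity = now

    def relogin(self, password):
        """Re-enter the role password; failures are recorded as well as successes."""
        salt, expected = self.verifier
        ok = hmac.compare_digest(make_verifier(password, salt)[1], expected)
        self.audit.append((self.clock(), self.user, "ok" if ok else "failed"))
        if ok:
            self.role_active = True
            self.last_activity = self.clock()
        return ok

    def update_restricted(self, item):
        """Restricted updates succeed only while the role is still active."""
        self.activity()
        if not self.role_active:
            raise PermissionError("role expired: re-enter role password")
        return f"{self.user} updated {item}"
```

The clock is passed in so the expiry logic can be exercised with a fake time source; in an application it would be `time.monotonic`.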
