Re: Would this work? Security

From: Joe Kazimierczyk <joseph.kazimierczyk_at_bms.com>
Date: Fri, 08 Sep 2000 08:14:18 -0400
Message-ID: <39B8D81A.9F9CB6BE_at_bms.com>

"Michael J. Moore" wrote:
>
> Using Developer Forms and giving each user access to the database tables
> poses a security problem. Specifically, the user could use a tool such as
> SQL Plus to directly update tables.
[snip]

[Quoted] If I understand the problem, then why not use roles with a password? You could:

- create a role identified by a passord
- grant update,insert,whatever on some tables to this role
- grant this role to your users, but disabled by default - important!
- don't tell the users what the role's password is, so they won't be

able to enable it from sqlplus, and won't be able to update the tables.
- your forms application would be the only thing that knows the password, and would do a 'set role rolename identified by password' to enable the role during the user's session with Forms. But outside of your app, they'd still have no access to the tables. Received on Fri Sep 08 2000 - 14:14:18 CEST

This message: [ Message body ]
Next message: Michael J. Moore: "Re: Would this work? Security"
Previous message: Luis Cabral: "Re: Would this work? Security"
In reply to Michael J. Moore: "Would this work? Security"
Next in thread: Luis Cabral: "Re: Would this work? Security"
Reply: Michael J. Moore: "Re: Would this work? Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message