Re: session control

From: <dirish_at_arsmagna.com>
Date: 22 Dec 2002 09:49:37 -0700
Message-ID: <m3fzsquhge.fsf_at_am4.arsmagna.com>


"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> writes:

> "pradip_chanda" <member_at_dbforums.com> wrote in message
> news:2310094.1040545277_at_dbforums.com...
> >
> > I have an application (IDS -Forms) through which when a user logs in,
> > gets permission to insert/update tables. But this permission he does not
> > have otherwise. This was done so that a user is not able to edit tables
> > through any applications (e.g. sqlplus) other than the forms.
> >
> > But if the user has already got a running session through the above
> > mentioned application he can login & edit tables through 'sqlplus'. This
> > I don't want. My database is Oracle 8i Enterprise Edition 8.1.7.
> >
> > Any idea!
> >
> > --
> > Posted via http://dbforums.com
>
> 1 - use the product_profile feature, still present in sql*plus to disable it
> completely
> 2 set the init.ora parameter resource_limit to true, so you can CREATE
> PROFILE to limit the number of sessions per user and the number of logins
> 3 Make sure RI is enforced in the database instead of the application, so
> people using sql*plus can't do any harm
> 4 deinstall sql*plus from all systems that don't need it.
> 5 get some treatment for your symptoms of paranoia. If your application is
> secure and you only allow access to users with legitimate rights, and your
> privileged accounts are secure, there is nothing to worry about.
> --
> Sybrand Bakker
> Senior Oracle DBA

I liked the suggestion for treatment for paranoia, but ....

One idea that Sybrand did not mention is to move all of the data manipulation into a PL/SQL (or Java if that's your thing) module and give the user access to the module not the tables. Then, even in sqlplus, they can only perform valid operations. Obviously, if part of what the forms are doing is auditing, that would have to be moved into the module as well.

Dudley Irish

Received on Sun Dec 22 2002 - 17:49:37 CET

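A sketch of the module approach described in the reply above, added here as an illustration and not taken from any poster in the thread. All object names (`app_owner`, `orders`, `order_audit`, `order_api`, `forms_user`) are hypothetical. The package runs with its owner's privileges, so the end user needs only EXECUTE on it and no table-level write grants.

```sql
-- Hypothetical names throughout: schema app_owner, tables orders / order_audit,
-- package order_api, end user forms_user.
-- Run as app_owner, the schema that owns the tables.
CREATE TABLE orders (
  order_id  NUMBER PRIMARY KEY,
  status    VARCHAR2(10) NOT NULL
);

CREATE TABLE order_audit (
  order_id    NUMBER,
  old_status  VARCHAR2(10),
  new_status  VARCHAR2(10),
  changed_by  VARCHAR2(30),
  changed_at  DATE
);

-- AUTHID DEFINER: the code runs with app_owner's privileges on the tables.
CREATE OR REPLACE PACKAGE order_api AUTHID DEFINER AS
  PROCEDURE set_status(p_order_id IN NUMBER, p_status IN VARCHAR2);
END order_api;
/

CREATE OR REPLACE PACKAGE BODY order_api AS
  PROCEDURE set_status(p_order_id IN NUMBER, p_status IN VARCHAR2) IS
    v_old orders.status%TYPE;
  BEGIN
    -- Validity rule enforced in the database, so it applies to every client.
    IF p_status IS NULL OR p_status NOT IN ('OPEN', 'SHIPPED', 'CLOSED') THEN
      RAISE_APPLICATION_ERROR(-20001, 'Invalid status');
    END IF;

    -- Lock the row; a missing order raises NO_DATA_FOUND and changes nothing.
    SELECT status INTO v_old FROM orders
     WHERE order_id = p_order_id FOR UPDATE;

    UPDATE orders SET status = p_status WHERE order_id = p_order_id;

    -- Auditing lives in the module; USER is the logged-in session user.
    INSERT INTO order_audit
    VALUES (p_order_id, v_old, p_status, USER, SYSDATE);
  END set_status;
END order_api;
/

-- End user: EXECUTE on the package and read-only access to the table.
-- No INSERT/UPDATE/DELETE grant, directly or through a role.
GRANT EXECUTE ON order_api TO forms_user;
GRANT SELECT ON orders TO forms_user;
```

With these grants, a session opened by `forms_user` in sqlplus can call `app_owner.order_api.set_status` but a direct `UPDATE app_owner.orders` fails for lack of privilege.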