Re: CLIENT/SERVER ORACLE 6 S

From: Garth Kennedy <garth_at_.comm.mot.com>
Date: Wed, 7 Apr 1993 12:19:51 GMT
Message-ID: <1993Apr7.121951.10893_at_lmpsbbs.comm.mot.com>

In article <2678.1599.uupcb_at_factory.com> jared.hecker_at_factory.com (Jared Hecker) writes:
>
>A(>Newsgroups: comp.databases.oracle
>A(>Path:
>uupsi!psinntp!uunet!wupost!sdd.hp.com!spool.mu.edu!torn!csd.unb.ca!UNBVM1A
>A(>From: "Andrew Jones (lrpr#unb.ca)" <LRPR_at_UNB.CA>
>A(>Subject: Client/Server ORACLE 6 security issues
>A(>Message-ID: <05APR93.18755956.0053_at_UNBVM1.CSD.UNB.CA>
>A(>Sender: usenet_at_UNB.CA
>A(>Date: Mon, 5 Apr 1993 21:21:59 GMT
>
>A(> Hello! I am currently in the design stages of a project using
>A(>ORACLE version 6 RDBMS and SQL*net V6.0.36.1.1 to have DOS 5.0 PC's
>A(>in ORACLE 6 via the application logic. What scares me is a user who fires
>
>A(>must be able to (like insert rows in a table) without the application-based
>A(>integrity constraints. The best thing I can think of so far is to have them
>
>Andrew, a silly question: why do they need SQL*Plus? That aside, you can
>control access to tables via grants and synonyms; that's how you _should_ do so,
>as a matter of fact.
>
>hth
>
>jh
>---
> . MR/2 1.39x NR . OS/2'ing it big-time!!
>

I am not so sure this is a silly question. The question is how do I grant "someone" permission to execute logic through applications (SQL*FORMS - Pro*C - oraperl - etc) that will result in changes to the data contained in the database, while at the same time allowing them to use a freeform tool (like SQL*Plus) to free form queries. The use of two different database logins will not work.

Sure one could use a query tool that only allows queries, but what if they have "personal" tables that they need/want to modify ?

+------------------------------------------------------------------+
| Garth Kennedy       garth_at_comm.mot.com     Voice (708) 576-3786  |
| Private Systems Div. Motorola Inc.           FAX (708) 576-6028  |  
+------------------------------------------------------------------+

-- 
+------------------------------------------------------------------+
| Garth Kennedy       garth_at_comm.mot.com     Voice (708) 576-3786  |
| Private Systems Div. Motorola Inc.           FAX (708) 576-6028  |  
+------------------------------------------------------------------+

Received on Wed Apr 07 1993 - 14:19:51 CEST

This message: [ Message body ]
Next message: Devan F. Dewey: "Re: core dumps with SQL*FORMS 3.0, Sun OS 4.1.3"
Previous message: Stephen Schow: "Re: SQL*Plus: Column Delimiter"
In reply to: Jared Hecker: "CLIENT/SERVER ORACLE 6 S"
In reply to Jared Hecker: "CLIENT/SERVER ORACLE 6 S"
Next in thread: Devan F. Dewey: "Re: core dumps with SQL*FORMS 3.0, Sun OS 4.1.3"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message