Re: Client/Server and Oracle Security

In article <38h65b$4ea_at_usenet.srv.cis.pitt.edu> seibert_at_isd.upmc.edu (Chuck Seibert) writes:
>From: seibert_at_isd.upmc.edu (Chuck Seibert)
>Subject: Client/Server and Oracle Security
>Date: 24 Oct 1994 20:41:15 GMT
>Keywords: client server security
 

>I have a custom client/server application using a DOS 6.2 PC running SQLNet 2.0 as
>the client and a Sun Solaris 2.3 Oracle 7.0.15 database server. As this is a rather
>complex application I would like my users to use this custom front end to update the
>database.
 

>Questions:
 

>1. How can I prevent users from using other tools like Paradox for Windows,
>MS-Visual Basic, Powerbuilder, ... from updating my data as their database usernames
>are already granted privs on the tables.
 

>2. Are there 3rd party tools/products to help lock this down?
 

>Thanks,
 

>Chuck Seibert

chuck,
my company (DBCORP) has a windows based product called secire*db which will let you do this in a couple of ways. the best way is to create 'hidden' id's for the end-user that have all the application privs, and let the end-users base id have 'public' privs. secure*db has features to enable the hidden id from windows or unix programs. it also has lots of other security administration goodies. for more info, please e-mail info_at_dbcorp.ab.ca

Bruce McCartney

Bruce McCartney                                  Voice:  (403)-237-6130 
DBCORP Information Systems Inc.                  Fax:    (403)-237-6135
2060 140 4th Avenue SW                           Cell:   (403)-680-1802
Calgary Alberta, Canada T2P 3N4                  bmccartn_at_dbcorp.ab.ca