Re: Client/Server and Oracle Security
Date: 27 Oct 1994 12:27:25 -0700
Message-ID: <38ouut$phr_at_crl.crl.com>
I've seen a variant of Amit's second suggestion (roles with passwords where only the app knows the password) where the password was stored in an encrypted file, which was read and decrypted by the app. Of course, the weak spot now is the encryption/decryption routine...
Also---I have seen SYBASE databases where there are update triggers which query the system tables to see what application the person is running, and if it is not an 'approved' one, updates are rolled back and the user gets a friendly reminder. Don't know, off the top of my head, if the application name is in any of the ORACLE system tables. This approach does have (ahem) some overhead associated with it....
Not an easy problem!
Carolyn Binder
work: binderc_at_hq.mpc.af.mil
home: cbinder_at_crl.com
Received on Thu Oct 27 1994 - 20:27:25 CET
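
The trigger approach described in the post above, sketched in Sybase Transact-SQL as an added example (not code from the original poster). The `orders` table, the `approved_apps` lookup table, the sample application name and the error number are hypothetical, and it assumes users can read `master..sysprocesses`.

```sql
-- Added illustration; all object names below are hypothetical.

-- Lookup table of client applications allowed to modify data.
CREATE TABLE approved_apps (
    app_name varchar(30) NOT NULL PRIMARY KEY
)
go

-- Constructed sample entry.
INSERT INTO approved_apps (app_name) VALUES ('order_entry')
go

-- Reject changes to orders made from any client not in approved_apps.
CREATE TRIGGER orders_app_check
ON orders
FOR INSERT, UPDATE, DELETE
AS
BEGIN
    DECLARE @app varchar(30)

    -- sysprocesses has one row per connection; @@spid is the current one.
    -- program_name holds the application name the client sent at login.
    SELECT @app = program_name
    FROM master..sysprocesses
    WHERE spid = @@spid

    -- A NULL or blank name matches nothing in the list and is rejected too.
    IF NOT EXISTS (SELECT 1 FROM approved_apps WHERE app_name = @app)
    BEGIN
        -- Undo the statement that fired the trigger and tell the user why.
        ROLLBACK TRANSACTION
        RAISERROR 20001 'Changes to orders are only accepted from approved applications.'
    END
END
go
```

`program_name` is whatever the client reports when it connects, so this check catches use of the wrong tool rather than acting as an access control, and object permissions still have to carry the real enforcement. The lookup runs on every modifying statement, which is the overhead the post mentions.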