Re: SQL*Net Security Question

From: Rick Wessman <rwessman_at_rwessman.us.oracle.com>
Date: 1995/09/06
Message-ID: <RWESSMAN.95Sep6070227_at_rwessman.us.oracle.com>#1/1


In article <42ittb$nnv_at_ixnews5.ix.netcom.com> kmelcher_at_ix.netcom.com (Kenneth Melcher) writes:

>From: kmelcher_at_ix.netcom.com (Kenneth Melcher)
>Newsgroups: comp.databases.oracle
>Date: 6 Sep 1995 01:35:39 GMT
>Organization: Netcom
>
>>
>>In article <42gi3h$rkj_at_ixnews2.ix.netcom.com>, kmelcher_at_ix.netcom.com
>>says...
>>>
>>>
>>>For instance, I would like for our DBA's to be able to access
>>>our servers via SQL*Net. They will always be connecting from their
>>>individual workstations using consistent userids. However, I
>>>do not want any other machines or users on the net to have access
>>>to the servers via SQL*Net.
>>>
>>
>Except in the case where you have security set up in such a fashion
>such that the only non-dba connections should be coming through a
>TP-monitor such as Tuxedo, which handles its own security functions.
>In our case, we want noone connecting via SQL*PLUS or any other
>mechanism other then Tuxedo with the exception of the DBAs. The
>problem is, SQL*Net poses a potential hole in the case where someone
>might discover a database userid/password and connect to the database
>without having to authenticate themselves to either the application or
>the operating system (O/S ids on the production system are restricted
>to tech support staff only). Hence, my desire to control access via
>SQL*net to only specific client machines (preferably) or specific
>O/S users.
>
>KM
There currently is no way to do what you want in SQL*Net. However, you might want to consider using Secure Network Services to encrypt the data so that passwords are not exposed.

                                        Rick Received on Wed Sep 06 1995 - 00:00:00 CEST

Original text of this message