Complex data security requirement: User + Computer

From: Paul Marks <sessec01.pmarks_at_eds.com>
Date: 1997/07/10
Message-ID: <01bc8d50$3a40b2f0$6f4684c6_at_pc-pmarks>#1/1

My customer wishes to restrict access to (Oracle) data based not only upon which
user is logged in, but which client computer is logged into by the user.

For example, a user logged into a workstation deemed to be "in an unsecure area" may not access any financial data. Application-level security cannot be used since this must also include third-party applications such as reporting tools. Simply restricting access to the reporting tool itself is not a solution, since that may be needed to access other, non-restricted data.

I have a couple of ideas, but I don't like either one. Has anyone ever done anything like this before? Received on Thu Jul 10 1997 - 00:00:00 CEST

This message: [ Message body ]
Next message: Michael Serbanescu: "Re: Complex data security requirement: User + Computer"
Previous message: John Chantha: "Informix and Sybase DBA/Developer Available"
Next in thread: Michael Serbanescu: "Re: Complex data security requirement: User + Computer"
Reply: Michael Serbanescu: "Re: Complex data security requirement: User + Computer"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message