Re: Complex data security requirement: User + Computer
From: Michael Serbanescu <mserban_at_postoffice.worldnet.att.net>
Date: 1997/07/10
Message-ID: <33C5B8A8.68C3_at_postoffice.worldnet.att.net>#1/1
Paul Marks wrote:
>
> My customer wishes to restrict access to (Oracle) data based not only upon
> which
> user is logged in, but which client computer is logged into by the user.
>
> For example, a user logged into a workstation deemed to be "in an unsecure
> area" may not access any financial data. Application-level security cannot
> be used since this must also include third-party applications such as
> reporting tools. Simply restricting access to the reporting tool itself is
> not a solution, since that may be needed to access other, non-restricted
> data.
>
> I have a couple of ideas, but I don't like either one. Has anyone ever done
> anything like this before?
Received on Thu Jul 10 1997 - 00:00:00 CEST
Date: 1997/07/10
Message-ID: <33C5B8A8.68C3_at_postoffice.worldnet.att.net>#1/1
You can specify what nodes, i.e. IP adresses, can or cannot access an ORACLE instance through SQL*Net, by listing those addresses in the PROTOCOL.ORA file.
Hope this helps.
Michael Serbanescu
Paul Marks wrote:
>
> My customer wishes to restrict access to (Oracle) data based not only upon
> which
> user is logged in, but which client computer is logged into by the user.
>
> For example, a user logged into a workstation deemed to be "in an unsecure
> area" may not access any financial data. Application-level security cannot
> be used since this must also include third-party applications such as
> reporting tools. Simply restricting access to the reporting tool itself is
> not a solution, since that may be needed to access other, non-restricted
> data.
>
> I have a couple of ideas, but I don't like either one. Has anyone ever done
> anything like this before?
Received on Thu Jul 10 1997 - 00:00:00 CEST