We have prevented DML, but not selects; we didn't much care about selects,
but changes were not allowed except through the app.

We used the procedures set_client_info and read_client_info, which are
part of the dbms_application_info package. Here is the 10-second guide to
implementation:

This assumes you can alter the app.

1. Your app, upon login to the database, calls set_client_info with
some "key"; it can be 40 bytes and we usually made it 40 random
characters.

2. A table exists with one or more "valid keys".

3. A before insert, update, delete trigger exists on every table that you
want to have security on; it reads the client info (via the
read_client_info proc) and compares it to legal values in the "valid key"
table.  If it matches, drop out of the trigger; if it does not match,
raise an exception, stating invalid appl for updates, notify.......

4. We used this not only as a way to make sure only certain apps could
update, but when we put out a new version, we changed the key, and didn't
let the old version into the database to do updates, since we removed
the old keys from the tables.

If you want to see some specifics of how we did it, email me direct.

joe

Denham Eva wrote:
> 
> Hi Gurus
> 
> Has anyone ever had to prevent users from accessing the Database from other
> applications other than those sanctioned by the company?
> i.e. prevent users accessing the database using Microsoft's Access and yet
> still be able to access via the company application which also uses ODBC.
> OR preventing users accessing the DB via sqlplus but still through the app.
> 
> I would appreciate any knowledge that can be shared on this topic.
> Many Thanks
> Denham



-- 
Joe Testa  
Performing Remote DBA Services, need some backup DBA support?
For Sale: Oracle-dba.com domain, it's not going cheap but feel free to
ask :)
IM: n8xcthome or joen8xct
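
The four steps described in the message, written out in Oracle SQL and PL/SQL as an added example that is not part of the original post or the poster's own code. The table, trigger and key names are hypothetical, the key value is constructed, and the choice of a statement-level trigger is an assumption.

```sql
-- Added example; app_valid_keys, orders and trg_orders_app_check are hypothetical names.
-- Step 2: table of currently accepted application keys.
CREATE TABLE app_valid_keys (
  app_key   VARCHAR2(40) PRIMARY KEY,
  app_name  VARCHAR2(30) NOT NULL
);

-- Constructed 40-character sample key, not a real value.
INSERT INTO app_valid_keys (app_key, app_name)
VALUES ('EXAMPLEKEY0123456789ABCDEFGHIJKLMNOPQRST', 'orders_app_v2');

-- Hypothetical table that only the sanctioned app may change.
CREATE TABLE orders (order_id NUMBER PRIMARY KEY, amount NUMBER);

-- Step 3: statement-level check (assumption); create one such trigger per protected table.
CREATE OR REPLACE TRIGGER trg_orders_app_check
BEFORE INSERT OR UPDATE OR DELETE ON orders
DECLARE
  v_info  VARCHAR2(64);   -- client info holds at most 64 bytes
  v_hits  PLS_INTEGER;
BEGIN
  DBMS_APPLICATION_INFO.READ_CLIENT_INFO(v_info);
  SELECT COUNT(*) INTO v_hits
    FROM app_valid_keys
   WHERE app_key = v_info;          -- a NULL (unset) client info matches nothing
  IF v_hits = 0 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Invalid application for updates on ORDERS');
  END IF;
END;
/

-- Step 1: what the sanctioned app runs right after connecting.
BEGIN
  DBMS_APPLICATION_INFO.SET_CLIENT_INFO('EXAMPLEKEY0123456789ABCDEFGHIJKLMNOPQRST');
END;
/

-- DML from a session whose client info is a listed key passes the trigger.
INSERT INTO orders VALUES (1, 10);

-- Step 4: retire the old app version by removing its key.
DELETE FROM app_valid_keys WHERE app_name = 'orders_app_v2';
COMMIT;

-- Same session, key no longer listed: the trigger raises error -20001.
INSERT INTO orders VALUES (2, 20);
```

Any session can call set_client_info, and the value is exposed in V$SESSION.CLIENT_INFO, so the key distinguishes sanctioned application builds rather than authenticating them.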
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Joe Testa