Our method was as follows:
1. Give each user an ID on the system, a very limited ID.
2. The ID would have roles that were given to it but were password
protected. This way the user could not log into something like SQL+ and
see the tables (it was secured radiation dose level information).
3. The ID was given only select access to a security table. In this table
was all the information as to what security level the user actually had.
4. Based on this security level, the application would activate the
appropriate roles for the user. Once these were activated, they could
access the application.

You could just as easily have, based on security level, connected the user
at this point to the application using a different ID.

There are, of course, some drawbacks.
The biggest is that you have to maintain the passwords for the roles. We
did this via a package that had the password embedded in it.

The plus that we needed was to NOT allow the users to see any data unless
they were in the Application. This was handled very easily with the
password-protected roles.
Kevin
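
The four steps above, sketched as Oracle SQL and PL/SQL. This is an added example, not code from the original message or from the poster's system: the schemas APPSEC and DOSE, the user JSMITH, the role names, the level numbers and the passwords are all constructed placeholders. It assumes 8i or later, because the package uses invoker's rights (AUTHID CURRENT_USER) so that it is allowed to call DBMS_SESSION.SET_ROLE.

```sql
-- Constructed names throughout: schemas APPSEC and DOSE, user JSMITH, roles, passwords.
-- Step 2: the roles carry the data privileges and need a password to be enabled.
CREATE ROLE dose_reader IDENTIFIED BY CHANGE_ME_READER;
CREATE ROLE dose_editor IDENTIFIED BY CHANGE_ME_EDITOR;
GRANT SELECT ON dose.dose_readings TO dose_reader;
GRANT INSERT, UPDATE ON dose.dose_readings TO dose_editor;

-- Step 1: a limited login. The roles are granted, but none is a default role,
-- so a plain logon from any client starts with no role enabled.
CREATE USER jsmith IDENTIFIED BY CHANGE_ME_USER;
GRANT CREATE SESSION TO jsmith;
GRANT dose_reader, dose_editor TO jsmith;
ALTER USER jsmith DEFAULT ROLE NONE;

-- Step 3: the security table is the only object the login can read directly.
CREATE TABLE appsec.user_security (
  username       VARCHAR2(30) PRIMARY KEY,
  security_level NUMBER(1)    NOT NULL   -- assumed scale: 1 = read, 2 = read and edit
);
GRANT SELECT ON appsec.user_security TO jsmith;

-- Step 4: the application calls this after connecting. The role passwords live
-- in the package body, which is the maintenance drawback the message describes.
CREATE OR REPLACE PACKAGE appsec.app_roles AUTHID CURRENT_USER AS
  PROCEDURE enable_for_session;
END app_roles;
/
CREATE OR REPLACE PACKAGE BODY appsec.app_roles AS
  PROCEDURE enable_for_session IS
    v_level appsec.user_security.security_level%TYPE;
  BEGIN
    SELECT security_level INTO v_level
      FROM appsec.user_security
     WHERE username = USER;
    IF v_level = 2 THEN
      DBMS_SESSION.SET_ROLE('dose_reader IDENTIFIED BY CHANGE_ME_READER, '
                         || 'dose_editor IDENTIFIED BY CHANGE_ME_EDITOR');
    ELSIF v_level = 1 THEN
      DBMS_SESSION.SET_ROLE('dose_reader IDENTIFIED BY CHANGE_ME_READER');
    ELSE
      DBMS_SESSION.SET_ROLE('NONE');   -- unrecognised level: enable nothing
    END IF;
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      DBMS_SESSION.SET_ROLE('NONE');   -- user not in the table: fail closed
  END enable_for_session;
END app_roles;
/
-- EXECUTE on this package is what gates the roles: grant it narrowly and audit it.
GRANT EXECUTE ON appsec.app_roles TO jsmith;
```
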
-Original Message-
Sent: Wednesday, May 30, 2001 4:27 PM
To: Multiple recipients of list ORACLE-L
How do you handle logins for applications that log into the database
using a common login? I've seen it handled through hard-coded
username/pass in the app, password file in 'secure' directories and
ops$ account with remote_os_authent set to true on a server being
accessed from a 3rd tier web app. Mgmt didn't seem too thrilled when
I showed them in about 2 minutes how to break into the db when
remote_os_authent=true.
Just curious how you handle this. I haven't seen any particularly
great way and am looking for a better solution. V7.3.4 -> 8.1.7
databases.
Thanks - Brian
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Brian Wisniewski
INET: [EMAIL PROTECTED]
Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051
San Diego, California-- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Author: Kevin Lange
INET: [EMAIL PROTECTED]