| Access rights to the Dictionary by non-DBA users (Part II) [message #52570] |
Tue, 30 July 2002 06:32  |
Cristobal
Messages: 5
Registered: July 2002
|
Junior Member |
|
|
Hi again,
Thanks for your quick responses, guys, but let me go further :
I have been looking for possible security issues in the part of the dictionary visible by default. More or less I can see that the only sensible information that my customers could get is just the usernames of the other ones ... It's not a problem if I use an internal code instead of the name by itself as a login.
Do you think that it is enough protections for web-hosting environments ? Maybe I should think in creating Virtual Private Databases ? Any experience about that ?
Regards.
|
|
|
|
| Re: Access rights to the Dictionary by non-DBA users (Part II) [message #52572 is a reply to message #52570] |
Tue, 30 July 2002 07:21  |
 |
Mahesh Rajendran
Messages: 10708
Registered: March 2002
Location: oracleDocoVille
|
Senior Member
Account Moderator |
|
|
the best way to protect codes ( ie..codes against datbases) from web is to make use of stored procedures.
We have implemented same kind of security checkpoint for about 100-150 websites ( intranet and internet).
Just make sure that, any call against the database from the web application web interface is always through a stored procedure and NOT DIRECT SQL CALL is allowed.
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
