Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Is it possible???

RE: Is it possible???

From: Shahid Malik(IT) <shahid.malik_at_pepsi-lahore.com.pk>
Date: Mon, 25 Jun 2001 00:56:32 -0700
Message-ID: <F001.00335E20.20010625005532@fatcity.com> 






THANKS


-----Original Message-----


Sent: Monday, June 25, 2001 1:11 PM


To: Multiple recipients of list ORACLE-L




On Jun 24, 2001 at 10:20:19PM, Shahid Malik(IT) wrote:


> Hi Friends,

> 

>      I want that user only access data from application not from sql

> prompt.

> 

> Any help would be highly appreciated.




SQL*Plus User's Guide and Reference Release 8.1.7. Chapter E. Security.
Besides SQL*Plus there are some others utilities which can be used to
gain access to the database. So, you can consider:



To use roles for each particular set of business-operations which
are hard-coded into the application and the user will not know what
a role should be enabled or disabled to gain an access to a specific
``chunk'' of the server side code.



Do not use direct access to tables, only thru views and if it is
possible for you enable fine grained access for them



Do not grant to the user any insert, delete, update privileges.
Hide the logic inside packages and grant just execute privilege
for the users.



To use logon trigger which will check and log all necessary
information about a user's attempt to gain an access using something
else than your application. An example you can find here:
http://vbegun.net/oramag/wtmp/wtmp.html (it's written in Russian
language but you can easily understand and use all PL/SQL, SQL
stuff that is presented in the article:



  http://vbegun.net/oramag/wtmp/cr_t.sql -- tables
  http://vbegun.net/oramag/wtmp/trg.sql -- triggers



HTH


-- 
Vladimir Begun               | Half the world is composed of people who have
http://vbegun.net/           | something to say and can't, and the other
http://vbegun.net/wap/       | half who have nothing to say and keep on
me_at_vbegun.net                | saying it.
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Vladimir Begun
  INET: jester_at_whale.sunbay.crimea.ua

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Shahid Malik(IT)
  INET: shahid.malik_at_pepsi-lahore.com.pk

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Mon Jun 25 2001 - 02:56:32 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US