| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: methodology to keep only certain programs to connect to
I have always thought this was the best way to implement a security package.
Nice to see you implemented the seed number for changing encryption.
-----Original Message-----
From: Glenn Stauffer [mailto:stauffer_at_swarthmore.edu]
Sent: Tuesday, September 10, 2002 1:49 PM
To: Multiple recipients of list ORACLE-L
Subject: Re: methodology to keep only certain programs to connect to
I'm working with an application that uses a combination of encrypted seed numbers and password protected roles to limit access to the application tables to the specific application and version.
In this database, any external application (sqlplus, etc) cannot provide access to the application tables since that requires activation of the password protected role. The only default role for users is a connect role that has only connect privs. And, you can't just grab a copy of the application from anywhere and use it against the database since the encrypted seed number compiled into the application is checked against the value in the database before a connection is permitted.
Glenn Stauffer
On Tue, 2002-09-10 at 11:58, JOE TESTA wrote:
> I've been tasked to ensure only certain app programs access the database.
>
> I'm thinking on-logon trigger, check the program field from v$session.
unfortunately v$session is for all sessions, i can't seem to find the view
that tells me only MY info during login. I only want the sid, serial#,
username and program for my just now connection to the database.
>
> Does this exist or am I going about this the wrong way?
>
> We're thinking of checking those fields to make sure sql*plus, toad, etc
can't connect as a particular user(even though the password is known out in
the community).
>
> any ideas would be greatly appreciated.
>
> joe
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Glenn Stauffer INET: stauffer_at_swarthmore.edu Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Tue Sep 10 2002 - 14:37:56 CDT
 |
 |