-
looking for different approaches on web-based application/database security.
Using IIS and Oracle 9i. Client doesn't want to do account management in database, so IIS will do all database access through a single account in the database.
Client's idea is to control access to data by controlling what ASP scripts users are allowed to execute.
what are your thoughts?
thanks!
-
Check the product of http://www.netegrity.com
Sam
Thanx
Sam
Life is a journey, not a destination!
-
Oracle9i has loads of better ways to do this than limiting access to pages. You've got:
Virtual Private Database (VPD) from 8i onwards
http://www.oracle-base.com/Articles/...bases(VPD).asp
Secure Application Roles
Partitioned Fine Grain Access Control
Global Application Context
Oracle Label Security (OLS)
http://www.oracle-base.com/Articles/...ncements9i.asp
Something here must match your needs.
Why not set an application context with your "user reference" when you make a DB connection and use this reference to limit data accessusing partitioned fine grain access control?
[Edited by TimHall on 01-28-2002 at 06:35 AM]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|