|
-
 Security
I am looking for suggestions as to how I might implement a security feature. Here is some background info. Running Oracle 8.1.7 in a client/server environment. The server is Windows 2000 and the client machines are also Win 2000. We have an in-house built application that the clients use to access the database. Currently, anyone that knows a username/password can access the database WITHOUT using the application. Is there a way to restrict access to the database to only the application users? Also, is there a way to restrict access to only an "authorized" user? And by that I mean for example, I can sign on to the computer on my desk because I have been given the "rights" to my machine (admin privileges). But if someone else signs on to my machine (using their username/password) they do not have all the same "rights" as I do. Can I prevent that other person from getting access to the database from my machine? I hope this makes sense.
Thanks.
-
For what you want, the closest you can come, I believe, is by:
Using only OPS$ (externally identified) accounts that pick up the username from the network. When the client station signs onto the network, the user id for that task is used to connect to Oracle.
Remove SQL*PLUS, SQL*LOADER, all ODBC connectivity (MS Office, Access, Excel, etc.), etc. from the workstations.
You can additionally put in a logon trigger that could check a table you maintaint that links the userid used to an authorized workstation (by MAC address or station name). You can also set up the product User Profile table to limit which programs can access the database.
I would also look into Fine Grained Security, which can further limit what users can see if they get into the database (Oracle can go to C2 Security.)
Enjoy.
Joseph R.P. Maloney, CSP,CDP,CCP
'The answer is 42'
-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote