odbc connections and database security
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 2 of 2

Thread: odbc connections and database security

  1. #1
    Join Date
    Jun 2001
    Location
    Dublin, Ireland
    Posts
    66

    odbc connections and database security

    Hi,
    here is my dilemma. I have a database with hundreds of users. The database is oracle 8.1.7.2 on solaris 8. The database runs a financial application (banking). All the users connect to oracle through the application. All users have insert update and delete privileges on the main schema tables as they need these to do their jobs (posting + reversing transactions, amending names addresses etc.)
    Any changes or updates made are audited within the application, and users are restricted to what they can do by the application's own menu security system, so I have no problems with security at this level.
    The problem I have is with ms access databases. Every user has ms office on their pc. It appears that anyone who can set up an odbc connection to the production database, and connect using their own username and password can basically do any damage they want, delete whole tables, change data etc without any trace. We have a couple of access databases in the IT dept that we need to be able to connect to the production db, and we wont allow anyone else connect like this. ( cd's and floppy drives are locked down on all user pc's and odbc functionality has been removed also, except on certain IT dept pc's. But i'm still uneasy about this.
    Is there any way in oracle (or unix) that odbc connections can be restricted (say only to specific ip addresses, oracle users or groups)? If not can they be logged or monitored in any way?
    Any help or suggestions greatly appreciated.

  2. #2
    Join Date
    Aug 2002
    Location
    Atlanta
    Posts
    1,187
    Yep, at a few layers.

    My favorite is to pass the buck to the netwokr admin and have him restrict access based on IP through thr firewall. Otherwise you could do it in 9i (I think 8i as well)
    I'm stmontgo and I approve of this message

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width