odbc connections and database security
here is my dilemma. I have a database with hundreds of users. The database is oracle 220.127.116.11 on solaris 8. The database runs a financial application (banking). All the users connect to oracle through the application. All users have insert update and delete privileges on the main schema tables as they need these to do their jobs (posting + reversing transactions, amending names addresses etc.)
Any changes or updates made are audited within the application, and users are restricted to what they can do by the application's own menu security system, so I have no problems with security at this level.
The problem I have is with ms access databases. Every user has ms office on their pc. It appears that anyone who can set up an odbc connection to the production database, and connect using their own username and password can basically do any damage they want, delete whole tables, change data etc without any trace. We have a couple of access databases in the IT dept that we need to be able to connect to the production db, and we wont allow anyone else connect like this. ( cd's and floppy drives are locked down on all user pc's and odbc functionality has been removed also, except on certain IT dept pc's. But i'm still uneasy about this.
Is there any way in oracle (or unix) that odbc connections can be restricted (say only to specific ip addresses, oracle users or groups)? If not can they be logged or monitored in any way?
Any help or suggestions greatly appreciated.
Yep, at a few layers.
My favorite is to pass the buck to the netwokr admin and have him restrict access based on IP through thr firewall. Otherwise you could do it in 9i (I think 8i as well)
I'm stmontgo and I approve of this message
Click Here to Expand Forum to Full Width