jessea@homecare.COM (Jesse W. Asher) (05/23/91)
We are having some debates on how to approach security in Oracle and I
thought I'd see if anyone else out there had any thoughts on the matter.
To explain things a bit, we are using Oracle on a Sun Server with no one
logged into it except the Sysadmin or DBA. There won't even be logins
for anyone else. Then we have remote branch offices connected to the
server via leased lines using SLIP or PPP and the branch offices only
have sql*forms, sql*menu, sql*net, and Oracles tcp/ip add ins. They
will use these programs as well as word processing on their local
machine.
One suggestion is that we grant all to public on almost all our tables
(except for a few critical accounting tables) and use sql*menu and
sql*forms to control access to the tables. They are not allowed to even
see a shell - only the menus generated by sql*menu.
Does anyone have any comments about this? One concern is that except
for those critical tables mentioned above, the tables would be
vulnerable to anyone that had the know how. The users are
not likely to have this know how and so the sql*menu/sql*forms
environmeent would limit what they are capable of doing. Is this
reasonable to assume or are there other concerns or approaches we
haven't really considered? I guess the big problem is that it would be
difficult to maintain grants on the myriad of tables we will have and it
seems like a lot of trouble is we can get the same result by controlling
access to the database using sql*menu and sql*forms. Comments?
--
Jesse W. Asher NIC Handle: JA268 Phone: (901)386-5061
Health Sphere of America Inc.
5125 Elmore Rd., Suite 1, Memphis, TN 38134
Internet: jessea@homecare.COM UUCP: ...!banana!homecare!jessea