  1. #1
    Join Date
    Dec 2002

    Oracle Security - session manipulation

    Database: Oracle 8i 8.1.7
    Application: Developed through IDS ( Forms & Report 6i, Query & PRO C)

    The users log on to the database through the above application. After logging on to the system, the application assigns them insert & update grants for the tables, which the users otherwise don't have. When the users come out of the application, these grants are revoked.

    But if a user opens another connection through 'sqlplus' during the connected period through my application, he gets to enjoy the rights to update/insert in tables through the 'sqlplus'. This way he is able to manipulate the data using another session.

    Please give tips on prevention of such stuff.

  2. #2
    Join Date
    Sep 2002
    Provided Answers: 1

    Re: Oracle Security - session manipulation

    Your application should not be granting and revoking privileges like that.
    Instead, PERMANENTLY grant the required privileges to a ROLE that has a password (which the user will not know). The application can then use SET ROLE to enable the role.
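
A sketch of the setup described in the answer above, added here as an example and not part of the original posts. The role, schema, table and user names (`app_dml_role`, `app_owner.orders`, `app_owner.order_lines`, `jsmith`) and the password placeholder are hypothetical.

```sql
-- Added example: password-protected role enabled per session with SET ROLE.
-- All object names and the password placeholder are hypothetical.

-- 1. One-time setup by the DBA / schema owner -------------------------------

-- Remove the direct grants the application used to hand out at logon.
-- Direct object grants are visible to every session of the user, which is
-- what let the parallel SQL*Plus session modify data.
REVOKE INSERT, UPDATE ON app_owner.orders      FROM jsmith;
REVOKE INSERT, UPDATE ON app_owner.order_lines FROM jsmith;

-- Create the role with a password known only to the application.
CREATE ROLE app_dml_role IDENTIFIED BY "<role-password-placeholder>";

-- Grant the DML privileges to the role permanently.
GRANT INSERT, UPDATE ON app_owner.orders      TO app_dml_role;
GRANT INSERT, UPDATE ON app_owner.order_lines TO app_dml_role;

-- Grant the role to the user, but keep it out of the default roles so it
-- is not enabled automatically when the user logs on.
GRANT app_dml_role TO jsmith;
ALTER USER jsmith DEFAULT ROLE ALL EXCEPT app_dml_role;

-- 2. Issued by the application after it connects as the user ---------------

-- SET ROLE replaces the session's enabled roles with the ones listed, so
-- name any other role the application still needs (CONNECT here).
SET ROLE app_dml_role IDENTIFIED BY "<role-password-placeholder>", CONNECT;

-- 3. Check from a separate SQL*Plus session of the same user ---------------

-- The role is enabled per session, so it does not appear here ...
SELECT role FROM session_roles;

-- ... and DML on the protected tables is rejected with a privilege error,
-- because this session never supplied the role password.
UPDATE app_owner.orders SET status = 'X' WHERE order_id = 1;
```

The protection holds only as long as users cannot read the role password out of the application, so it should not sit in plain text in form source, scripts or configuration files the users can open.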
