
Control which apps can connect to DB.

Status
Not open for further replies.

jdemmi

MIS
Jun 6, 2001
1,106
US
OK so here's the deal. I want to control which executables can connect to my DB. Obviously I'd also like to set that at a user level (DBAs and Admins (like me) need a little more flexibility than the average end user).

So I started to search for existing methods and found this...


Is this one sound? Overkill? Is there a better way? Is there an easier way?

I'd also like to INCLUDE executables, taking a "white-list" approach for obvious reasons (much harder to know what apps there are out there that MIGHT connect -- while we KNOW which ones we ALLOW to connect)

If I've left anything out please let me know.

Thanks.

-- Jason
"It's Just Ones and Zeros
 
Thanks Turk -- unfortunately my DBAs are in several states across the US, and Canada and India....rarely more than 1 in the same building at the same time. I'll have a look though....we have several of the Quest products already.

-- Jason
"It's Just Ones and Zeros
 
Because it is possible to spoof application name, IP address, etc... there is really no practical way to restrict by application name. There are more than a couple threads on this on asktom.oracle.com

You might look at a secure application role. This would make connecting via an unauthorized tool pretty useless since the role that allows it to see or do anything in the dictionary would be inactive until the user or application successfully executed a procedure to activate the role.
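
A sketch of the secure application role described in the post above, added as an illustration and not part of the original thread. The schema, table, role and user names (`app_sec`, `app_owner.orders`, `app_user_role`, `app_authorized_users`, `jsmith`) are constructed for the example; the authorization check is keyed on server-side data rather than on the client-reported program name.

```sql
-- Run as a DBA-level account. All object and user names are constructed.

-- 1. The role holds the application's privileges, but it can only be
--    enabled from inside the named package (a secure application role).
CREATE ROLE app_user_role IDENTIFIED USING app_sec.role_pkg;
GRANT SELECT, INSERT, UPDATE ON app_owner.orders TO app_user_role;

-- 2. The user is granted the role, but it is kept out of the default
--    roles, so a login from any client tool starts with it disabled.
GRANT app_user_role TO jsmith;
ALTER USER jsmith DEFAULT ROLE ALL EXCEPT app_user_role;

-- 3. The package must use invoker's rights (AUTHID CURRENT_USER):
--    a role cannot be enabled from a definer's rights unit.
CREATE OR REPLACE PACKAGE app_sec.role_pkg AUTHID CURRENT_USER AS
  PROCEDURE enable_app_role;
END role_pkg;
/
CREATE OR REPLACE PACKAGE BODY app_sec.role_pkg AS
  PROCEDURE enable_app_role IS
    v_allowed PLS_INTEGER;
  BEGIN
    -- Decide on data held in the database, not on values the client
    -- reports about itself (program name, module, terminal).
    SELECT COUNT(*) INTO v_allowed
      FROM app_sec.app_authorized_users
     WHERE username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    IF v_allowed = 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'Not authorized for app_user_role');
    END IF;
    -- Same effect as SET ROLE: roles not named here are disabled.
    DBMS_SESSION.SET_ROLE('app_user_role');
  END enable_app_role;
END role_pkg;
/
-- Invoker's rights: the caller needs to read the lookup table and
-- execute the package.
GRANT SELECT ON app_sec.app_authorized_users TO jsmith;
GRANT EXECUTE ON app_sec.role_pkg TO jsmith;

-- The application calls this right after connecting:
--   BEGIN app_sec.role_pkg.enable_app_role; END;
```

The role protects only what is granted through it, so any object privileges granted directly to the user remain usable from every client.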


 
Another problem is say you want to restrict the users to the ABC.exe application, fine check the program name. However, I can easily get around your checking by copying sqlplus.exe to ABC.exe and I am in with a full tool set. One way to do it is to wrap your application so it can't be viewed and then the application would logon using a database login known only to itself. This would keep out outside users.

Bill
Lead Application Developer
New York State, USA
 
OK, can you spoof the "module" as well? How bout the terminal? There's no such thing as 100% protection. I know that.

-- Jason
"It's Just Ones and Zeros
 