| Security Issue [message #108818] |
Fri, 18 February 2005 11:21  |
tinny
Messages: 4
Registered: February 2005
|
Junior Member |
|
|
Our security was not designed properly, in that there are objects that have been given public access and public synonyms created for them. There are also a number of users who were given privileges that they really shouldn't have. The applications give the right restrictions, but if the users go and access the database through sql*plus, they could create havoc if they wanted to.
Is there a way to get around this and restrict database access other than thru the app without having to go and audit each user's roles and without having to remove public grants? Product_user_profile table does not give enough restriction. There are lots of ways around that.
Database is on Oracle 9i.
|
|
|
|
 Re: Security Issue [message #109149 is a reply to message #108818] |
Tue, 22 February 2005 10:05  |
Uwe
Messages: 260
Registered: February 2003
Location: Zürich, Switzerland
|
Senior Member |
|
|
Hi,
we try this with a SQL Plan and Consumer Groups. So that all "Non-Application" Users gets only 10 % of the DB-Performance.
I hope that this will work fine, I set it up yesterday and we will work with it in the next weeks
Uwe
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
