| Subject | Re: [ib-support] dynamic roles |
|---|---|
| Author | Ann W. Harrison |
| Post date | 2001-12-30T18:03:53Z |
At 12:21 PM 12/30/2001 -0500, Mike Arace wrote:
and who's not? As long as the application lives on the client, it's
got to be considered suspect. If your application is on a trusted
server and the user has to provide credentials to the application,
then certainly the application can provide it's credentials to the
database, giving it rights that the user could not get directly.
Is that the sort of thing you're thinking of?
Regards,
Ann
www.ibphoenix.com
We have answers.
>I heard that in Oracle there is a way of dynamically assigning roles at theCould you run that by me again? How does Oracle know who's a baddy
>application level to prevent malicious users from being able to log in to
>the database directly and see or do anything.
and who's not? As long as the application lives on the client, it's
got to be considered suspect. If your application is on a trusted
server and the user has to provide credentials to the application,
then certainly the application can provide it's credentials to the
database, giving it rights that the user could not get directly.
Is that the sort of thing you're thinking of?
Regards,
Ann
www.ibphoenix.com
We have answers.