| Subject | How do I prevent non-SYSDBA user from seeing DB structure? |
|---|---|
| Author | Zd |
| Post date | 2008-11-09T12:10:35Z |
Hi everyone!
I'm trying to implement the security structure that someone suggested here a while back:
Instead of putting SYSDBA password in my app, my app connects to the database using a "built-in" user, who should have rights only to execute a specific stored procedure. If the supplied username / password is correct, the stored procedure returns the SYSDBA password (through an encrypted SSL connection).
The problem is:
I've created a new user
I've granted EXECUTE role to the new user on my stored procedure
Now the user can't read or modify any data, but it can see database metadata! The biggest problem is that the new user sees the code of my stored procedure, which has the SYSDBA password built-in!
So the question is:
How do I revoke the new user's rights to see database metadata?
Thanks,
Zd
[Non-text portions of this message have been removed]
I'm trying to implement the security structure that someone suggested here a while back:
Instead of putting SYSDBA password in my app, my app connects to the database using a "built-in" user, who should have rights only to execute a specific stored procedure. If the supplied username / password is correct, the stored procedure returns the SYSDBA password (through an encrypted SSL connection).
The problem is:
I've created a new user
I've granted EXECUTE role to the new user on my stored procedure
Now the user can't read or modify any data, but it can see database metadata! The biggest problem is that the new user sees the code of my stored procedure, which has the SYSDBA password built-in!
So the question is:
How do I revoke the new user's rights to see database metadata?
Thanks,
Zd
[Non-text portions of this message have been removed]