db-torque-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Scott Stevens <...@latchkey.com>
Subject Re: Getting access to the db connections
Date Tue, 25 Mar 2003 19:00:39 GMT
on 2003/3/24 3:25 PM, "Steve Lukshides" <lukshide@us.ibm.com> wrote:

> Our Oracle DB Admin insists that we run a stored procedure for each
> connection made to the database.  I'm not an Oracle DBA so forgive me if
> this explanation is less than clear.  As a security measure he expects
> every connection made to the database to call a stored procedure to set the
> application's role.  The idea is to prevent someone from logging on to the
> DB through SQL Plus with the user name and password that Torque uses and
> gain rights to use the database.  If someone were to discover the
> username/password that Torque uses and then logs on through SQL Plus they
> would not gain any rights until the SP is executed, which they are not
> likely to know and will be difficult to discover.

Ah...isn't inane paranoia wonderful?



StudioZ.tv /\ Bar/Nightclub/Entertainment
314 11th Street @ Folsom /\ San Francisco

View raw message