database security 

Hi there.

This is our scenario at work:
Users use New-Era and VB applications to access our Informix 7.31 database.
The users are not allowed to telnet to the server.

My problem is that I must give the users ALL table privileges to do normal
operations on the database.
An application may insert into one table and in the background update a table
that the user is not aware of.
There is no database security in place, and to change this according to the
applications is going to be a nightmare.
The applications do some security checking.

Now if you get a clever user who uses a third-party tool to access the
database with his ODBC connection, he/she
can basically do anything on the database (ALL table privileges).
Some users must use third-party tools to do SQL queries.

Is there an easy way to give access to users that are allowed to use third-party
tools
and to revoke connect from illegal users?

Basically I want to know how I can tell whether a user is using an application
that is approved or an
application that is not supposed to connect to the database,
and give them connect or revoke privileges on the fly.

If someone can point me in the right direction I would appreciate it a lot.
Thanks.



Sat, 05 Jun 2004 15:30:08 GMT

Remove the offending privileges and change the application to call a DBA class
stored procedure to perform the updates.  A DBA procedure executes with its
owner's privileges, not the user's.

Art S. Kagel



Sun, 06 Jun 2004 08:23:35 GMT
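The approach suggested in the reply, sketched in Informix SQL/SPL as an added example that is not part of either post. The tables (`orders`, `order_totals`), the procedure `add_order` and the user names are hypothetical, and the read-only grant for query-tool users goes slightly beyond the reply to cover the "third party tools" case from the question.

```sql
-- Hypothetical schema: the application inserts into orders and, in the
-- background, updates order_totals (the table the user is not aware of).

-- 1. Remove direct table access. Privileges that were granted to named
--    users rather than PUBLIC must be revoked from each of those users.
REVOKE ALL ON orders       FROM PUBLIC;
REVOKE ALL ON order_totals FROM PUBLIC;

-- 2. Created by a user holding DBA privilege. The caller needs no table
--    privileges of their own while this procedure runs, so an ODBC tool
--    can do no more than call it.
CREATE DBA PROCEDURE add_order(p_customer INTEGER, p_amount DECIMAL(10,2))

    -- The procedure is now the security boundary: validate here instead
    -- of trusting checks done in the NewEra/VB front end.
    IF p_customer IS NULL OR p_amount IS NULL OR p_amount <= 0 THEN
        RAISE EXCEPTION -746, 0, 'add_order: invalid customer or amount';
    END IF;

    INSERT INTO orders (customer_id, amount, created)
        VALUES (p_customer, p_amount, CURRENT YEAR TO SECOND);

    -- Background update that previously forced ALL privileges on users.
    UPDATE order_totals
       SET total = total + p_amount
     WHERE customer_id = p_customer;

END PROCEDURE;

-- 3. Application users may run the procedure and nothing else.
GRANT EXECUTE ON add_order TO app_user1;

-- 4. Users who need ad hoc queries from third-party tools get read-only
--    access to the tables they report on (assumption: SELECT suffices).
GRANT SELECT ON orders TO report_user1;
```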
 