Consider security using One Big Application User model

November 19, 2010 by Leave a comment 

Oracle recommends that, where possible, you build applications in which application users are database users. In this way, you can leverage the security mechanisms of the database.

Unfortunately from my experience for a lot of commercial packaged software, application users are not database users. For these applications, multiple users authenticate themselves to the application, and the application then connects to the database as a single, highly-privileged schema user containing all the database objects. This is known as so-called One Big Application User model. Why, in spite of Oracle recommendation, the software vendors use in development that database authentication model? Read more »

The power of Oracle CREATE SESSION privilege

May 26, 2010 by Leave a comment 

So many times I hear from database developers that their application has no rights on an Oracle database server. This always surprises me since it is not possible to have an Oracle user connected to the database without any rights at all. Even with a single create session privilege the user obtains the whole bunch of default rights which can not be easily revoked by a poor DBA. Read more »

DBMS Blog Updates : Subscribe RSS RSS: Subscribe to Articles · Subscribe to Comments Subscribe RSS Receive site updates via email