RE: two instance -- one database
- From: "Rich Jesse" <rjoralist@xxxxxxxxxxxxxxxxxxxxx>
- To: "oracle-l" <oracle-l@xxxxxxxxxxxxx>
- Date: Wed, 24 Sep 2008 12:15:58 -0500 (CDT)
> I think that COTS applications always have unique concerns. I should have
> been clearer that this is an in-house built app.
>
> But that's a very interesting scenario and approach. Thanks for sharing
> that. I have two questions. Do you include SELECT in DML, sometimes it is
> and.. If you control INS/UPD/DEL via the view only database, I guess that's
> fine, but do you force selects too?
No I don't include SELECT in the category of "DML" since it's not
Manipulating anything. I can see restricting the tables from which queries
are run being a future requirement, but for now SELECT is wide open.
> Second, why choose to not create any other schemas in our production? You're
> attempting to overcome a security deficiency in the prod database, why not
> create the Gatekeeper schema there? Seems like an aesthetic decision more
> than a practical one.
I'm not sure I follow you. The GRANTs are to PUBLIC, which is a special
role that cannot be revoked. How would the gatekeeper prevent access other
than perhaps a complex web of triggers?
Rich
--
//www.freelists.org/webpage/oracle-l
Other related posts:
