RE: Privileges by session

  • From: Upendra N <nupendra@xxxxxxxxxxx>
  • To: <martin.a.berger@xxxxxxxxx>, <wblanchard@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 8 Jan 2010 19:00:35 -0500

In our environment we have software dpkgs that are built without the passwords; at 
the time of deployment they will be integrated with config files that contain 
database passwords. Other than SA, no one should have access to the config files 
and app servers. However, occasionally there will be instances where developers 
may need to access one of the app servers for troubleshooting; in such instances 
the production password may be exposed.

To address this, we have implemented TCP_INVITED_NODES using sqlnet.ora, which 
acts as a firewall, rejecting all the requests except the ones that are listed 
in there (we put in only the production app servers). In our setup, we usually 
don't have Oracle client installed on the app servers, so it works out easy; it 
may not be possible in all environments.

The most difficult step is to restrict developers on one project; once you set 
the precedent, I find it easy to follow the lead. We go through an audit sweep 
right before production launch to restrict application user access. In cases 
where developers need more than read-only access, we tell them we'll issue them 
a "fireid" - temporary access to production.

-Upendra



CC: oracle-l@xxxxxxxxxxxxx
From: martin.a.berger@xxxxxxxxx
To: wblanchard@xxxxxxxxxxxxxxxxxxxx
Subject: Re: Privileges by session
Date: Fri, 8 Jan 2010 22:56:04 +0100

William,
I tried to follow all mails in this thread, but am not sure if I got all.
At the end, it's a question of control:
*) if the application is running on a dedicated application server, and 
developers have no access there, you can create a logon trigger which allows 
access for the application account only from these nodes. (ok, it's possible to 
fake IPs etc., but this is a story for your security.mgr)
*) if the application is running on any PC, any developer could compile his own 
private version of the application and run it without any way to catch it. (in 
this case, only hard-core auditing can at least document all changes)
So the first question should be: is there anything which is under your (or 
company) control - and developers cannot modify this? If you find such a fact, 
try to transfer it into a secure method to identify developers, and avoid any 
way to circumvent it.
No help this time, but maybe a hint where to start.
Best regards, Martin

Greetings,
I have convinced management to allow me to grant read-only access to the 
developers.  The problem is that they know the application passwords and have 
been using those passwords to circumvent my controls.  Is there a way via a 
trigger, role, etc. to change individual sessions' privileges so they have 
read-only (select) permissions?  The easiest way would be to change the 
permissions on the applications, but that's not an option.
Thank you, 
WGB
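
The logon trigger suggested in the reply above, sketched as an added example that is not code from anyone in this thread. The schema SEC_ADMIN, the table APP_LOGIN_NODES, the account APP_USER and the IP addresses are assumptions made for illustration.

```sql
-- Added example. Assumed names: SEC_ADMIN, APP_LOGIN_NODES, APP_USER.
-- Each row allows one application account to log on from one node.
CREATE TABLE sec_admin.app_login_nodes (
  username    VARCHAR2(128) NOT NULL,
  ip_address  VARCHAR2(45)  NOT NULL,
  CONSTRAINT app_login_nodes_pk PRIMARY KEY (username, ip_address)
);

-- Constructed sample rows: two production app servers.
INSERT INTO sec_admin.app_login_nodes VALUES ('APP_USER', '10.0.1.11');
INSERT INTO sec_admin.app_login_nodes VALUES ('APP_USER', '10.0.1.12');
COMMIT;

CREATE OR REPLACE TRIGGER sec_admin.trg_app_login_nodes
AFTER LOGON ON DATABASE
DECLARE
  v_user     VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip       VARCHAR2(45)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_guarded  PLS_INTEGER;
  v_allowed  PLS_INTEGER;
BEGIN
  -- Only accounts listed in the table are restricted; DBAs and personal
  -- read-only developer accounts log on as usual.
  SELECT COUNT(*) INTO v_guarded
    FROM sec_admin.app_login_nodes
   WHERE username = v_user;

  IF v_guarded > 0 THEN
    -- IP_ADDRESS is NULL for local (bequeath) connections, so a guarded
    -- account logging on from the database host itself matches no row.
    SELECT COUNT(*) INTO v_allowed
      FROM sec_admin.app_login_nodes
     WHERE username = v_user
       AND ip_address = v_ip;

    IF v_allowed = 0 THEN
      RAISE_APPLICATION_ERROR(-20001,
        'Logon for ' || v_user || ' is not permitted from this host');
    END IF;
  END IF;
END;
/
```

An account holding the ADMINISTER DATABASE TRIGGER privilege is not stopped by an error raised in a logon trigger, so the application account must not have it or the DBA role. Auditing failed logons for the guarded account shows who is trying the application password from other hosts.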
                                          