Solved

Access DB through firewall

Posted on 2014-11-19
1
186 Views
Last Modified: 2014-12-04
A system located in head office, this system consists of oracle database and oracle forms, there is some users on database are default users and their passwords cannot be changed.
This system is connected to branches; the local network is connected to a firewall which is connected to a router to the branches.
Now some employees on branches knows the password of the default users which has special permissions on database.
The question is : can we let the employees on branches open the oracle forms and connect to database and restrict them to a new user we create for them on DB and disallow them to access the data base using one of the default users using the firewall?

Thanks,
0
Comment
Question by:oamal2001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 74

Accepted Solution

by:
sdstuber earned 500 total points
ID: 40453092
In a logon trigger you can check if the user is coming from a particular ip  address (the firewall) or not and then either allow them through or return an error.

That might look something like this...

CREATE OR REPLACE TRIGGER trg_deny_remote_default
    AFTER LOGON
    ON DATABASE
BEGIN
    IF USER = 'DEFAULT_USER'
   AND SYS_CONTEXT('userenv', 'ip_address') NOT IN ('123.123.123.123',
                                                    '123.123.123.124',
                                                    '123.123.123.125',
                                                    '123.123.123.126')
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Default user must login from local address');
    END IF;
END;
/

Open in new window



Adjust the ip lookup rule to whatever is appropriate for your system.

Perhaps something with a LIKE clause to check ranges (white list)

 AND SYS_CONTEXT('userenv', 'ip_address')  LIKE '123.123.123.%'

or a NOT condition (black list)

AND SYS_CONTEXT('userenv', 'ip_address')  NOT LIKE '123.123.123.%'
0

Featured Post

RoboForm Secure Password Management System

RoboForm Everywhere - Superb Browser Support
Windows / Apple / IOS / Android / Linux / Chrome OS
Use different complex passwords everywhere
Best Secure Password Management by far
Synchronize all of your devices instantly
Safe, Secure & Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question