Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Access DB through firewall

Posted on 2014-11-19
1
Medium Priority
?
189 Views
Last Modified: 2014-12-04
A system located in head office, this system consists of oracle database and oracle forms, there is some users on database are default users and their passwords cannot be changed.
This system is connected to branches; the local network is connected to a firewall which is connected to a router to the branches.
Now some employees on branches knows the password of the default users which has special permissions on database.
The question is : can we let the employees on branches open the oracle forms and connect to database and restrict them to a new user we create for them on DB and disallow them to access the data base using one of the default users using the firewall?

Thanks,
0
Comment
Question by:oamal2001
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 74

Accepted Solution

by:
sdstuber earned 2000 total points
ID: 40453092
In a logon trigger you can check if the user is coming from a particular ip  address (the firewall) or not and then either allow them through or return an error.

That might look something like this...

CREATE OR REPLACE TRIGGER trg_deny_remote_default
    AFTER LOGON
    ON DATABASE
BEGIN
    IF USER = 'DEFAULT_USER'
   AND SYS_CONTEXT('userenv', 'ip_address') NOT IN ('123.123.123.123',
                                                    '123.123.123.124',
                                                    '123.123.123.125',
                                                    '123.123.123.126')
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Default user must login from local address');
    END IF;
END;
/

Open in new window



Adjust the ip lookup rule to whatever is appropriate for your system.

Perhaps something with a LIKE clause to check ranges (white list)

 AND SYS_CONTEXT('userenv', 'ip_address')  LIKE '123.123.123.%'

or a NOT condition (black list)

AND SYS_CONTEXT('userenv', 'ip_address')  NOT LIKE '123.123.123.%'
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wonder what it's like to get hit by ransomware? "Tom" gives you all the dirty details first-hand – and conveys the hard lessons his company learned in the aftermath.
What we learned in Webroot's webinar on multi-vector protection.
Via a live example, show how to restore a database from backup after a simulated disk failure using RMAN.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question