Solved

Access DB through firewall

Posted on 2014-11-19
1
180 Views
Last Modified: 2014-12-04
A system located in head office, this system consists of oracle database and oracle forms, there is some users on database are default users and their passwords cannot be changed.
This system is connected to branches; the local network is connected to a firewall which is connected to a router to the branches.
Now some employees on branches knows the password of the default users which has special permissions on database.
The question is : can we let the employees on branches open the oracle forms and connect to database and restrict them to a new user we create for them on DB and disallow them to access the data base using one of the default users using the firewall?

Thanks,
0
Comment
Question by:oamal2001
1 Comment
 
LVL 73

Accepted Solution

by:
sdstuber earned 500 total points
Comment Utility
In a logon trigger you can check if the user is coming from a particular ip  address (the firewall) or not and then either allow them through or return an error.

That might look something like this...

CREATE OR REPLACE TRIGGER trg_deny_remote_default
    AFTER LOGON
    ON DATABASE
BEGIN
    IF USER = 'DEFAULT_USER'
   AND SYS_CONTEXT('userenv', 'ip_address') NOT IN ('123.123.123.123',
                                                    '123.123.123.124',
                                                    '123.123.123.125',
                                                    '123.123.123.126')
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Default user must login from local address');
    END IF;
END;
/

Open in new window



Adjust the ip lookup rule to whatever is appropriate for your system.

Perhaps something with a LIKE clause to check ranges (white list)

 AND SYS_CONTEXT('userenv', 'ip_address')  LIKE '123.123.123.%'

or a NOT condition (black list)

AND SYS_CONTEXT('userenv', 'ip_address')  NOT LIKE '123.123.123.%'
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now