Solved

Access DB through firewall

Posted on 2014-11-19
1
184 Views
Last Modified: 2014-12-04
A system located in head office, this system consists of oracle database and oracle forms, there is some users on database are default users and their passwords cannot be changed.
This system is connected to branches; the local network is connected to a firewall which is connected to a router to the branches.
Now some employees on branches knows the password of the default users which has special permissions on database.
The question is : can we let the employees on branches open the oracle forms and connect to database and restrict them to a new user we create for them on DB and disallow them to access the data base using one of the default users using the firewall?

Thanks,
0
Comment
Question by:oamal2001
1 Comment
 
LVL 74

Accepted Solution

by:
sdstuber earned 500 total points
ID: 40453092
In a logon trigger you can check if the user is coming from a particular ip  address (the firewall) or not and then either allow them through or return an error.

That might look something like this...

CREATE OR REPLACE TRIGGER trg_deny_remote_default
    AFTER LOGON
    ON DATABASE
BEGIN
    IF USER = 'DEFAULT_USER'
   AND SYS_CONTEXT('userenv', 'ip_address') NOT IN ('123.123.123.123',
                                                    '123.123.123.124',
                                                    '123.123.123.125',
                                                    '123.123.123.126')
    THEN
        RAISE_APPLICATION_ERROR(-20001, 'Default user must login from local address');
    END IF;
END;
/

Open in new window



Adjust the ip lookup rule to whatever is appropriate for your system.

Perhaps something with a LIKE clause to check ranges (white list)

 AND SYS_CONTEXT('userenv', 'ip_address')  LIKE '123.123.123.%'

or a NOT condition (black list)

AND SYS_CONTEXT('userenv', 'ip_address')  NOT LIKE '123.123.123.%'
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
OnPage: Incident management and secure messaging on your smartphone
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question