Q
Problem solve Get help with specific problems with your technologies, process and projects.

Can a single user be bound by a given TNS?

Can a single Oracle user be bound by a given TNS? Just like: sqlplus scott/tiger@ONLYSCOTTALLOWED.

No other users used this ONLYSCOTTALLOWED db connection.

If it is possible, then please give me a solution. I am developing Web applications in PHP and want to access the only authorized Oracle single user. (This single user should have only select privileges on other users' tables.)

There are lot of Oracle users that could use this connection. So this couldn't be solved through grants or roles.
There is no permissions structure built into the TNS layer. Besides, one should not mistake obsecurity with security. By hiding the TNS connect descriptor, you may have made it more difficult for a user to connect to the database, but you have not prohibited them from doing so.

Security should be built in each layer starting with the layer closest to the data. In the case of Oracle, you should start with database security. If you have a single user that needs some special access, they should be issued their own database account with special privileges. If your client systems have static IP addresses, you may wish to consider using the sqlnet.ora parameters TCP.VALIDNODE_CHECKING, TCP.INVITED_NODES, and TCP.EXCLUDED_NODES to control which clients are allowed to connect to your listener.

The only solution to preserve security in your case is by using appropriate database grants or roles. Anything else will not sufficiently protect your data. Generally speaking, it is bad practice to share database accounts between multiple users. You've paid for a product that includes considerable security measures, but you have to use them to protect yourself!

This was last published in April 2004

Dig Deeper on Oracle database security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide.com

SearchDataCenter

SearchContentManagement

SearchHRSoftware

Close