| Summary: | In this paper we are presenting a new way to disable DDL statements on some specific PL/SQL procedures to a dba user in the Oracle database. Nowadays dba users have access to a lot of data and source code even if they do not have legal permissions to see or modify them. With this method we can disable the ability to execute DDL and DML statements on some specific pl/sql procedures from every Oracle database user even if it has a dba role. Oracle gives to developer the possibility to wrap the pl/sql procedures, functions and packages but those wrapped scripts can be unwrapped by using third party tools. The scripts that we have developed analyzes all database sessions, and if they detect a DML or a DDL statement from an unauthorized user to procedure, function or package which should be protected then the execution of the statement is denied. Furthermore, these scripts do not allow a dba user to drop or disable the scripts themselves. In other words by managing sessions prior to the execution of an eventual statement from a dba user, we can prevent the execution of eventual statements which target our scripts.
|
|---|