Fw: Securing the database from "rogue" developers using tools like MS Access

Fw: Securing the database from "rogue" developers using tools like MS Access

 

  


DB2 Governer looks like it can be a great tool, but there doesn't seem to
be much info available.

Are there any good books, PDFs, etc. that cover the use of the Governor?

I'd like to be able to permit only certain applications to access the
database.

However, I need to allow myself to run application development programs
such as VB, but prevent others from doing so.

Tony

==============================
Anthony Schmidt
President
The Computery Ltd.
One East Main Street
Bay Shore, NY 11706

631-665-8100 Voice
631-969-5988 Fax

http://www.computeryltd.com
----- Forwarded by Anthony Schmidt/BayShore/SGU_LN on 04/30/2005 03:13 PM
-----

Anthony
Schmidt/BayShore/
SGU_LN To
"BILL"
04/28/2005 05:10 <BILL.[Email address protected]
PM cc

Subject
Re: Securing the database from
"rogue" developers using tools like
MS Access(Document link: AJS -
Computery)









Bill:

I'm using LUW 8.2

The Governer sounds like a good approach. However, I don't mind it if there
are "rogue" MS Access users accessing the database as long as they can't
run the stored procedures I've established for Insert/Update/Delete.

Is there some way to catch calls to stored procedures from msaccess.exe but
allow table Selects with msaccess.exe where the user has that privilege?

We have a new Comptroller who just loves to use MS Access for "reporting".
But I want to be able to prevent him from making unitentional or malicious
changes to the database. I am sure there will be others in administrative
positions who have just enough knowledge to be dangerous who will be a
threat to the integrity of the database.

Tony

==============================
Anthony Schmidt
President
The Computery Ltd.
One East Main Street
Bay Shore, NY 11706

631-665-8100 Voice
631-969-5988 Fax

http://www.computeryltd.com



"BILL"
<BILL.[Email Address Removed]
hoenixwm.com> To
[Email address protected]
04/28/2005 03:55 cc
PM
Subject
Re: Securing the database from
"rogue" developers using tools like
MS Access










**A LazyDBA.com subscriber has responded to your lazydba.com post**
**LazyDBA.com mail shield has forwarded you this email,
**and removed any attachments, and kept your email address secret
**from this person, and any viruses/trojans.
**If you reply to this email, the person will see your email address as
normal
**Anything below this line is the original email text



Are you talking about DB2 mainframe, or DB2 LUW? I've used the governor on
DB2 LUW to force any "msaccess.exe" thread that it sees, that worked like a
charm.

-------------------------------------------------------
Bill Gallagher
Database Administrator
Information Technology
Phoenix Life Insurance Company
860-403-6327
bill.[Email address protected]



|---------+--------------------------------------------------------->
| | "Anthony Schmidt " |
| | <db2udbdba-ezmlmshield-x83592943.[Email Address Removed] | azyDBA.com> |
| | |
| | 04/28/2005 02:47 PM |
| | |
|---------+--------------------------------------------------------->
>-----------------------------------------------------------------------------------------------|

|
|
| To: "LazyDBA Discussion" <[Email address protected]
|
| cc:
|
| Subject: Securing the database from "rogue" developers using
tools
like MS Access |
>-----------------------------------------------------------------------------------------------|





I posted a question regarding this about a month ago and there seemed to
be three solutions to this.

One was using application security - but this doesn't support tracking
updates by user name
Two was using a broker application to track application usage - but this
requires the purchase of a third party program
Three was to provide only Select privileges to the users, but use stored
procedures to provide Insert/Update/Delete capablities.

I'd like to use the option #3, but it occurred to me that users can still
run the stored procedures with "rogue" applications they may write. Is
there any way to prevent that?

Tony

==============================
Anthony Schmidt
President
The Computery Ltd.
One East Main Street
Bay Shore, NY 11706

631-665-8100 Voice
631-969-5988 Fax

http://www.computeryltd.com

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________


---------------------------------------------------------------------
PLEASE CLICK REPLY-ALL TO SEND A REPLY TO EVERYONE
website: http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html








***********************************************************************************

CONFIDENTIAL: This communication, including attachments, is intended only
for
the exclusive use of addressee and may contain proprietary, confidential
and/or privileged information. If you are not the intended recipient, you
are
hereby notified that you have received this document in error, and any use,
review, copying, disclosure, dissemination or distribution is strictly
prohibited. If you are not the intended recipient, please notify the sender
immediately by return e-mail, delete this communication and destroy any and
all copies of this communication.

***********************************************************************************










______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________

DB2 & UDB email list listserv db2-l LazyDBA home page