|
We used to have roles enabled by application front
end . That was not secure . Then oracle provided passwords for role . We
embedded passwords into apps . They say its still not secure .
Now go for contexts and enable policies.
In oracle 9i you can have global context which can
be enabled by any session . Now here i am confused ..
How does this thing is secure, cuz any session can
say my context is "MANAGER' or "CLERK" or whatever . Isn't it back to the roles
initially where any session can say heyyy enable role "MANAGER" ( offcourse if
its granted ).
-ak
|
