ODBC Security Documentation
Hi,
we have a developped an Access-application that links through ODBC to the Oracle-database of the SAP-system of our clients (always read-only access). Some of the DBA's of our clients don't like ODBC however and have several objections to it. I think that none of them are correct but since I never worked on the Oracle-side, I wonder what you think of them. I also wonder where I can find some official Oracle documentation on it so I can proove my counterarguments.
The most important objections are:
- via ODBC you can access all the tables and data present in the database
=> I think that when you want to access the Oracle-database via ODBC you still need to create the user on Oracle-level and so you can use the Oracle-security to restrict the user to see only certain tables and make all the data read-only by creating the appropriate views in Oracle. Hence the Oracle security is not at all bypassed and the DBA can still perfectly manage the rights of the ODBC-users.
- when you launch the "wrong" query you can put the whole Oracle-database down
=> I think that the Oracle-database will always prevent this. Probably there will be some setting as the timeout-time to prevent overloading of the database-server
=> is this actually a danger when using pass-through queries for example?
- accessing the Oracle-database via ODBC reduces the performance of the Oracle Database
=> I think that accessing the Oracle-database via ODBC has no worse implications on performance than when you request data via SAP for example. However I wonder if there's a way to set something like priorities when capacity is low so that for example SAP-requests get priority on ODBC-requests?
I've been using ODBC on Oracle now for 3 years and have never experienced any problems. However I wonder if there are some risks involved in it. The access we need via ODBC to the Oracle-database is always read-only.
Thanks a lot in advance for your help!
Greetings,
Dirk