DRM stores its repository in a database schema, and the schema owner has more privileges than the application needs (table, procedure, trigger, etc.). An attacker can take advantage of these extra privileges to gain access to the information stored in DRM.
One way to resolve this is to create another schema (drm_user), grant it only select, insert, update, delete and create index privileges on the drm_owner schema, and use drm_user in the DRM configuration.
Issue: with this approach DRM would have to access database objects using the drm_owner.<object name> name format, and there is no way to configure that in DRM.
Solution:
Luckily, Oracle has an AFTER LOGON trigger in which we can set the session's current_schema to DRM_OWNER.
How to do it:
1. Create a schema (DRM_USER).
2. Grant Select, Insert, Update, Delete and Create Index on DRM_OWNER to DRM_USER.
3. Log in as DRM_USER.
4. Create a trigger using the code below.
-- Fires after every logon to the DRM_USER schema
create or replace trigger drm_user.after_logon_trig
AFTER LOGON ON drm_user.SCHEMA
BEGIN
  -- Tag the session so it is easy to identify in v$session
  DBMS_APPLICATION_INFO.set_module(USER, 'Initialized');
  -- Resolve unqualified object names in DRM_OWNER; this grants no privileges
  EXECUTE IMMEDIATE 'ALTER SESSION SET current_schema=DRM_OWNER';
END;
/
5. Open DRM Configuration Console.
6. Change the repository database to DRM_USER schema.
7. Restart the application.
8. Test
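Steps 1 and 2 as a script, followed by checks for step 8. This is an added example, not part of the original post or of Oracle's DRM documentation. It assumes it is run by a DBA, that "create index" maps to Oracle's INDEX object privilege, and that only tables need grants; the password is a placeholder.

```sql
-- Added example. DRM_OWNER and DRM_USER are the schema names used in this post.
-- Step 1: the low-privilege account DRM will connect as (placeholder password).
CREATE USER drm_user IDENTIFIED BY "Placeholder_ChangeMe_1";
GRANT CREATE SESSION TO drm_user;
-- Needed so drm_user can create its own logon trigger in step 4.
GRANT CREATE TRIGGER TO drm_user;

-- Step 2: object privileges are granted per table, so loop over the
-- owner's tables. No WITH GRANT OPTION, so drm_user cannot pass them on.
BEGIN
  FOR t IN (SELECT table_name
              FROM dba_tables
             WHERE owner = 'DRM_OWNER'
               AND dropped = 'NO'                          -- skip recycle bin
               AND nested = 'NO'                           -- skip nested-table storage
               AND (iot_type IS NULL OR iot_type = 'IOT')) -- skip IOT overflow segments
  LOOP
    EXECUTE IMMEDIATE
      'GRANT SELECT, INSERT, UPDATE, DELETE, INDEX ON DRM_OWNER.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' TO drm_user';
  END LOOP;
END;
/

-- Step 8, check 1: only the five table privileges, none grantable.
SELECT table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'DRM_USER' AND owner = 'DRM_OWNER'
 ORDER BY table_name, privilege;

-- Step 8, check 2: no system privileges or roles beyond those granted above.
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'DRM_USER';
SELECT granted_role FROM dba_role_privs WHERE grantee = 'DRM_USER';

-- Step 8, check 3: run as drm_user in a new session. The login user must
-- still be DRM_USER while names resolve in DRM_OWNER (logon trigger fired).
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')   AS login_user,
       SYS_CONTEXT('USERENV', 'CURRENT_SCHEMA') AS resolves_in
  FROM dual;
```

Tables added to DRM_OWNER later are not covered until the grant loop is run again.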