User Profiles  «Prev 

Limiting access to PL/SQL

Remember, most SQL statements can be executed from the context of a PL/SQL block, and PL/SQL blocks can be executed from SQL*Plus. Therefore, if you limit a user’s access to a particular SQL command but allow the user access to the BEGIN, DECLARE, and EXECUTE commands, a determined user could simply couch a SQL statement in the context of a PL/SQL block.
If you are limiting access to any SQL commands, you should also limit access to these PL/SQL commands–or else you are depending on the lack of sophistication of your user for your security.