[Previous entry: "An interesting SQL Injection paper"] [Next entry: "More SQL Injection: A paper on Oracle SQL Injection by Stephen Kost"]
creating read only tables
October 20th, 2004 by PeteI saw a good thread yesterday morning on comp.databases.oracle.server where the poster wanted to know if it is possible to create a read-only table. Some great ideas were suggested, from the basics of restricting privileges, triggers to capture the changes, DDL triggers even a great idea involving disable validate constraint. This stops DML from taking place. There was also a suggestion from Howard Rogers about using a read only tablespace and a read-only datafile. Some of the ideas involving triggers have issues as sqlldr can bypass the triggers. I suggested some ideas on grants and also to use Row Level Security. It seems from this very interesting thread that its almost impossible to make a table truly read only for a long period of time. It is possible to do it over shorter periods if users can be prevented from making silent changes to reverse the read-only status. This potential functionality could be a useful addition for Oracle to consider in the future, true read only tables.
