Rich,
This will stop the casual user, but someone armed with a little knowledge
and a determination to get in will figure out that all they need to do is
change the name of the executable.
You can stop most people, but not someone really determined to get
into the database.
Jared
"Jesse, Rich"
<Rich.Jesse@qti To: Multiple recipients of list ORACLE-L
<[EMAIL PROTECTED]>
world.com> cc:
Sent by: Subject: RE: How to stop access to prod
instance ...
[EMAIL PROTECTED]
m
01/04/02 07:30
AM
Please respond
to ORACLE-L
Raj,
You don't say what version, but in 8i you should be able to use a
database-level trigger at LOGON and the SYS_CONTEXT function to check the
client info. If you can't use SYS_CONTEXT, you can always query V$SESSION
matching USERENV('SESSIONID') to the AUDSID column to get the PROGRAM
column
to verify access by user, osuser, and client program. e.g.:
SELECT program
FROM SYS.V_$SESSION
WHERE audsid = USERENV('SESSIONID');
Not having tried this, you may have to grant explicit access on V_$SESSION
because it's accessed from within the DB trigger (roles are not enabled in
procedures, right?). Try it! ;)
Pre-8i, you *might* be able to obfuscate the login by changing the port on
the listener (from 1521 to something else) and adding a local TNSNAMES.ORA,
but I'm not sure how you'd handle the client side if you want Forms, but
not
TOAD.
Good luck! :)
Rich Jesse System/Database Administrator
[EMAIL PROTECTED] Quad/Tech International, Sussex, WI
USA
-----Original Message-----
Sent: Friday, January 04, 2002 8:35 AM
To: Multiple recipients of list ORACLE-L
How does one stop access to prod instance by any product other than
supplied
homegrown Forms application?
I mean no sqlplus, toad, tora and similar tools and their renamed
derivatives?? All this needs to be done for all users incl developers
except
DBAs.
Thanks in advance
Raj
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Jesse, Rich
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
