of list ORACLE-L [EMAIL PROTECTED]
cc:
Subject:RE: Restricting access via sqlplus
To prevent these kinds of problems, the only solution I've ever thought
was feasible was how we implemented it at a previous company of mine.
Our solution:
Each user would be granted a role
Hi Jacques,
It sounds like the encrypted password is read by the client? and
decrypted on the client? or in the database as a package procedure?. If
it was decrypted in the client and then the set role command was sent to
the database the password could be read from the network with a tool
such
The problem is that if the decryption and set role were done inside a database
package, then that means that the Oracle database user needs execute privilege on the
package, and so the user could call the package from inside SQL*Plus on the client.
At my old company they were talking about
We use a similar process for several of our in-house applications. The users
get an Oracle id that only has create session. The application prompts for
the users username and password and attempts to login to the database. If
the login succeeds the application closes the connection and then logs
Title: RE: Restricting access via sqlplus
Something what I have used in past ...
DROP TABLE SYSTEM.SQLPLUS_COMMANDS CASCADE CONSTRAINTS
/
CREATE TABLE SYSTEM.SQLPLUS_COMMANDS
(
COMMAND VARCHAR2(20 BYTE) NULL
)
TABLESPACE TOOLS
PCTUSED 0
PCTFREE 10
INITRANS 1
MAXTRANS 255
STORAGE
Hi!
I think sqlplus product profile isn't a good idea, because some smarter ones
might be using TOAD, SQL Navigator or SQL Worksheet... What you might want
to do is to write an after logon trigger which checks the app name from
v$session and allows logon if and only if app name
INSERT INTO system.sqlplus_product_profile (userid, attribute, char_value)
VALUES (oracle_user_name, 'CONNECT', 'DISABLED')
/
Works for us. Most people can't connect via SQL*Plus. I can connect to the
production database under my own username, but not perform other DML such as
updates, because
Title: RE: Restricting access via sqlplus
Tanel,
If I change TOAD.EXE to TODD.EXE, this scheme fails instantly ...
Raj
Rajendra dot Jamadagni at nospamespn dot com
All Views expressed in this email
Title: RE: Restricting access via sqlplus
Hi!
No, if you code your trigger to check if the
program is your apps name, then renaming TOAD to TODD doesn't change
anything.
But of course if you change TOAD to your apps name,
then this scheme fails. But as I stated, these kinds of methods only
To prevent these kinds of problems, the only solution I've ever thought was feasible
was how we implemented it at a previous company of mine.
I think this kind of solution was discussed on the list many months ago.
Problem description at my previous company:
We had a two-tier application
To prevent these kinds of problems, the only solution I've ever thought was feasible
was how we implemented it at a previous company of mine.
I think this kind of solution was discussed on the list many months ago.
Problem description at my previous company:
We had a two-tier application
11 matches
Mail list logo