To Restricte User to Login in SQL*Plus. [message #21323] |
Fri, 26 July 2002 04:30 |
SAGGI
Messages: 3 Registered: February 2002
|
Junior Member |
|
|
how can i Restricte the user or allow some user to login in SQL*Plus ?
I have try in Login.sql but it does not allow IF condition & also try for PlSql script but it give error.
Thank in adv.
saggi.
|
|
|
|
Re: To Restricte User to Login in SQL*Plus. [message #21340 is a reply to message #21323] |
Fri, 26 July 2002 10:35 |
andrew again
Messages: 2577 Registered: March 2000
|
Senior Member |
|
|
sqlplus uses "module" in v$session to register itself when you connect. Although the user can call dbms_application_info.SET_MODULE(some_var) to overwrite the "sqlplus" label, that's probably quite unlikely. Anyway - querying v$session allows you to detect sqlplus connections that way. Don't try reading "program" as someone can just rename the executable. By monitoring connections (using a dbms_job) you can kill sessions you don't want connecting directly. Because it's a periodic job, you cant expect to kill the connections the moment they occur. In 8i you can use login triggers to kill unwanted sessions, but remember that the moment the connection is made, the "module" is still blank until the client s/w (sqlplus) sets it.
I believe 9i has multi tiered security to provide a watertight solution.
Don't focus on detecting sqlplus connections if your users are then just going to start using ODBC or something similar.
Be careful to consider sqlplus users connecting to another (allowable) database and then opening a DBlink to the db you are trying to control. I think the session (due to the dblink) in the db you are trying to control will show up as "sqlplus" even though the user connects directly only to the otrher DB.
select module, program, osuser from v$session;
|
|
|
Re: To Restricte User to Login in SQL*Plus. [message #21347 is a reply to message #21323] |
Fri, 26 July 2002 22:50 |
SAGGI
Messages: 3 Registered: February 2002
|
Junior Member |
|
|
Well i find the solution from the site
asktom.oracle.com
and i think that it is usefull .
just add following line in your login.sql
whenever sqlerror exit
variable n number
begin select 1 into :n from dual where user='SCOTT'; end;
/
it will only allow SCOTT user to login.
it will not work by connect command.
|
|
|