Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Disabling access of third party products

RE: Disabling access of third party products

From: Jared Still <>
Date: Thu, 6 Jul 2000 10:20:14 -0700 (PDT)
Message-Id: <>


We've considered that method, and I believe one app here actually uses it.

There is however a risk there that you need to be aware of.

The application name can easily be spoofed in one of 2 ways:

  1. rename an executable that connects to the database
  2. register the app name via DBMS_APPLICATION_INFO.


On Wed, 5 Jul 2000, Larry G. Elkins wrote:

> Bruce,
> That is one of the things that I have been thinking about, and, was crossing
> my mind when I made the reply. I originally had it in there as a
> possibility; but, since I hadn't done it before, I left it out (I have 8.1.6
> here at home; but, the current production environment I work in is
> I was trying to be as brief as I could (for me anyway); but, I *had* a
> question in there at the end, before severely cutting down the response,
> asking if anyone had tried the approach with a LOGON trigger determining the
> tool. I can be soooo wordy and want to explain everything that I find myself
> composing 3 page replies to a simple question. I then edit everything down
> to just those things that I know and can easily explain. And even then I
> make mistakes and provide a long reply (like this one).
> Thanks for bringing that up because it is something that I have wondered
> about; but, never had the chance to try. It seems like a really good idea. I
> would like to hear if other people have used the LOGON trigger approach for
> this purpose.
> Regards,
> Larry G. Elkins
> The Elkins Organization Inc.
> 214.954.1781
> -----Original Message-----
> Bruce (CALBBAY)
> Sent: Wednesday, July 05, 2000 9:04 PM
> To: Multiple recipients of list ORACLE-L
> Larry,
> An addition to this might be to create a login trigger that checks if the
> user is connecting via an authorised program.
> If the user is not connecting via such a program (eg if connecting via SQL
> Plus) then the trigger could disconnect them.
> I'm not sure but this may be only easily possible under 8i.
> Someone else may be able to help with the code for such a trigger.
> Regards,
> Bruce Reardon
> Analyst / Programmer
> Comalco Aluminium (Bell Bay)
> --
> Author: Larry G. Elkins
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

Jared Still
Certified Oracle DBA and Part Time Perl Evangelist ;-) Regence BlueCross BlueShield of Oregon Received on Thu Jul 06 2000 - 12:20:14 CDT

Original text of this message