Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Preventing logins from applications

Re: Preventing logins from applications

From: Joe Testa <>
Date: Tue, 28 Aug 2001 03:45:17 -0700
Message-ID: <>

we have prevented DML, but not selects, we didnt much care about selects but changes were not allowed except thru the app.

we used the procedure set_client_info, read_client_info which are part of the dbms_application_info package, here is the 10 second guide to implementation:

this assumes you can alter the app.

  1. your app upon login to the database calls the set_client_info with some "key", it can be 40 bytes and we usually made it 40 random characters.
  2. a table exists with one or more "valid key"
  3. a before insert,update,delete trigger exists on every table that you want to have security on, it read the client info(via read_client_info proc), compares it to legal values in the "valid key" table. If it matches, drop out of the trigger, if it does not match, raise an exception, stating invalid appl for updates, notify.......
  4. We used this not only as a way to make sure only certain apps could update, but when we put out a new version, we changed the key, and didnt let the old version into the database to do updates, since we removed the old keys from the tables.

If you want to see some specifics of how we did it, email me direct.

Denham Eva wrote:
> Hi Gurus
> Has anyone ever had to prevent users from accessing the Database from other
> applications other than those sanctioned by the company.
> ie prevent users accessing the database using Microsoft's Access and yet
> still be able to access via the company application which also uses ODBC.
> OR preventing users accessing the DB via sqlplus but still through the app.
> I would appreciate any knowledge that can be shared on this topic.
> Many Thanks
> Denham

Joe Testa  
Performing Remote DBA Services, need some backup DBA support?
For Sale: domain, its not going cheap but feel free to
ask :)
IM: n8xcthome or joen8xct
Please see the official ORACLE-L FAQ:
Author: Joe Testa

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Aug 28 2001 - 05:45:17 CDT

Original text of this message