Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to stop access to prod instance ...

RE: How to stop access to prod instance ...

From: Mercadante, Thomas F <NDATFM_at_labor.state.ny.us>
Date: Fri, 04 Jan 2002 08:42:06 -0800
Message-ID: <F001.003E6F4F.20020104073025@fatcity.com> 






Raj,



The short answer is - you can't.  Oracle, being as open as it is, is
available for anyone who has an account by any software that can call it


(even ms Excel!).  There are just too many tools that use ODBC to try and

stop them all.



The long answer is to change your forms application so that it hides the
real user account and password from the user.



for example:  Say a user starts the form and logs-on as raj/rajpw.  This raj
account would have access to a stored procedure that reads a database table
to retrieve another oracle account/password (say raj$/raj$pw).  The form
then disconnects and re-connects as this user.  This user (raj$) has the
real access to the db tables that the application needs.



Of course, someone who knows oracle can figure this scheme out and crack the
password, but the normal person would not know.



Another way to do this: At my prior employer, we found that we could write a
'C' program that could link with the forms run-time libraries.  The 'C'
program was run by the users, and it actually ran the startup form and
performed the connection to a private Oracle account.  Access within the
application was controlled by menus and the users System account id.



hope this helps.



Tom Mercadante


Oracle Certified Professional




-----Original Message-----


Sent: Friday, January 04, 2002 9:35 AM


To: Multiple recipients of list ORACLE-L




How does one stop access to prod instance by any product other than supplied
homegrown Forms application? 



I mean no sqlplus, toad, tora and similar tools and their renamed
derivatives?? All this needs to be done for all users incl developers except
DBAs.



Thanks in advance


Raj




Rajendra Jamadagni              MIS, ESPN Inc.
Rajendra dot Jamadagni at ESPN dot com


Any opinion expressed here is personal and doesn't reflect that of ESPN Inc.



QOTD: Any clod can have facts, but having an opinion is an art!


-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Mercadante, Thomas F
  INET: NDATFM_at_labor.state.ny.us

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Fri Jan 04 2002 - 10:42:06 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US