| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to stop access to prod instance ...
Rich,
This will stop the casual user, but someone armed with a little knowledge and a determination to get in will figure out that all they need to do is change the name of the executable.
You can stop most people, but not someone really determined to get into the database.
Jared
"Jesse, Rich"
<Rich.Jesse_at_qti To: Multiple recipients of list ORACLE-L
<ORACLE-L_at_fatcity.com>
world.com> cc:
Sent by: Subject: RE: How to stop access to prod
instance ...
root_at_fatcity.co
m
01/04/02 07:30
AM
Please respond
to ORACLE-L
Raj,
You don't say what version, but in 8i you should be able to use a
database-level trigger at LOGON and the SYS_CONTEXT function to check the
client info. If you can't use SYS_CONTEXT, you can always query V$SESSION
matching USERENV('SESSIONID') to the AUDSID column to get the PROGRAM
column
to verify access by user, osuser, and client program. e.g.:
SELECT program
FROM SYS.V_$SESSION
WHERE audsid = USERENV('SESSIONID');
Not having tried this, you may have to grant explicit access on V_$SESSION because it's accessed from within the DB trigger (roles are not enabled in procedures, right?). Try it! ;)
Pre-8i, you *might* be able to obfuscate the login by changing the port on
the listener (from 1521 to something else) and adding a local TNSNAMES.ORA,
but I'm not sure how you'd handle the client side if you want Forms, but
not
TOAD.
Good luck! :)
Rich Jesse System/Database Administrator Rich.Jesse_at_qtiworld.com Quad/Tech International, Sussex, WIUSA -----Original Message-----
How does one stop access to prod instance by any product other than
supplied
homegrown Forms application?
I mean no sqlplus, toad, tora and similar tools and their renamed
derivatives?? All this needs to be done for all users incl developers
except
DBAs.
Thanks in advance
Raj
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: Rich.Jesse_at_qtiworld.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-LReceived on Fri Jan 04 2002 - 13:16:54 CST
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
 |
 |