Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Restrict certain database access using 3rd party tools.

RE: Restrict certain database access using 3rd party tools.

From: Boivin, Patrice J <BoivinP_at_mar.dfo-mpo.gc.ca>
Date: Tue, 08 Oct 2002 10:34:16 -0800
Message-ID: <F001.004E36E8.20021008103416@fatcity.com> 





http://www.orsweb.com/downloads/source/440.html



I don't think this would prevent determined people from logging in though.



IP addresses, machine names and program names can all be spoofed.



Patrice Boivin


Systems Analyst (Oracle Certified DBA)


Systems Admin & Operations | Admin. et Exploit. des systèmes
Technology Services        | Services technologiques
Informatics Branch         | Direction de l'informatique 
Maritimes Region, DFO      | Région des Maritimes, MPO





E-Mail: boivinp_at_mar.dfo-mpo.gc.ca






-----Original Message-----


Sent: Tuesday, October 08, 2002 2:54 PM


To: Multiple recipients of list ORACLE-L




Just deny login if your trigger does not know the program.



Check the archives for example scripts for login triggers.



Yechiel Adar


Mehish


----- Original Message -----


To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
Sent: Thursday, October 03, 2002 8:08 PM




> Oups ! you're right.

>  --- Kevin Lange <kgel_at_ppoone.com> a écrit : > Except

> for the fact that they could always change

> > the program name that they

> > are running to match what you need.   Then that

> > security is bypassed.

> >

> >

> >

> > -----Original Message-----

> > Sent: Thursday, October 03, 2002 11:08 AM

> > To: Multiple recipients of list ORACLE-L

> >

> >

> > In homemade applications, by default users have a

> > role

> > with read only, in the applications we change the

> > default role that allows insert, update, delete.

> >

> > I've not tested this scenario but how about if, in a

> > database logon trigger, you check the

> > v$process.program field then depending of that value

> > you may be able to change the user default's role.

> >

> > Should work on 8i using dedicated connection.

> >

> >

> >  --- Rick_Cale_at_teamhealth.com a écrit : > Hi All,

> > >

> > > We have users that have OPS$ accounts that have

> > full

> > > DML privs when they

> > > run forms application via citrix. Currently they

> > do

> > > not have sqlplus,etc.  There is a requirement that

> > > some can have

> > > sqlplus,toad,etc.  I know you can set up security

> > > for sqlplus,etc

> > > using product_user_profile but is there a way to

> > > allow only SELECT when

> > > using a 3rd party tool such as TOAD.

> > >

> > > Thanks

> > > Rick

> > >

> > >

> > >

> > > --

> > > Please see the official ORACLE-L FAQ:

> > > http://www.orafaq.com

> > > --

> > > Author:

> > >   INET: Rick_Cale_at_teamhealth.com

> > >

> > > Fat City Network Services    -- 858-538-5051

> > > http://www.fatcity.com

> > > San Diego, California        -- Mailing list and

> > web

> > > hosting services

> > >

> >

> ---------------------------------------------------------------------

> > > To REMOVE yourself from this mailing list, send an

> > > E-Mail message

> > > to: ListGuru_at_fatcity.com (note EXACT spelling of

> > > 'ListGuru') and in

> > > the message BODY, include a line containing: UNSUB

> > > ORACLE-L


> > > (or the name of mailing list you want to be

> > removed

> > > from).  You may

> > > also send the HELP command for other information

> > > (like subscribing).

> >

> > =====

> > Stéphane Paquette

> > DBA Oracle, consultant entrepôt de données

> > Oracle DBA, datawarehouse consultant

> > stephane_paquette_at_yahoo.com

> >

> >

> ___________________________________________________________

> > Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et

> > en français !

> > Yahoo! Mail : http://fr.mail.yahoo.com

> > --

> > Please see the official ORACLE-L FAQ:

> > http://www.orafaq.com

> > --

> > Author: =?iso-8859-1?q?paquette=20stephane?=

> >   INET: stephane_paquette_at_yahoo.com

> >

> > Fat City Network Services    -- 858-538-5051

> > http://www.fatcity.com

> > San Diego, California        -- Mailing list and web

> > hosting services

> >

> ---------------------------------------------------------------------

> > To REMOVE yourself from this mailing list, send an

> > E-Mail message

> > to: ListGuru_at_fatcity.com (note EXACT spelling of

> > 'ListGuru') and in

> > the message BODY, include a line containing: UNSUB

> > ORACLE-L


> > (or the name of mailing list you want to be removed

> > from).  You may

> > also send the HELP command for other information

> > (like subscribing).

> > --

> > Please see the official ORACLE-L FAQ:

> > http://www.orafaq.com

> > --

> > Author: Kevin Lange

> >   INET: kgel_at_ppoone.com

> >

> > Fat City Network Services    -- 858-538-5051

> > http://www.fatcity.com

> > San Diego, California        -- Mailing list and web

> > hosting services

> >

> ---------------------------------------------------------------------

> > To REMOVE yourself from this mailing list, send an

> > E-Mail message

> > to: ListGuru_at_fatcity.com (note EXACT spelling of

> > 'ListGuru') and in

> > the message BODY, include a line containing: UNSUB

> > ORACLE-L


> > (or the name of mailing list you want to be removed

> > from).  You may

> > also send the HELP command for other information

> > (like subscribing).


>




> =====

> Stéphane Paquette

> DBA Oracle, consultant entrepôt de données

> Oracle DBA, datawarehouse consultant

> stephane_paquette_at_yahoo.com


>


> ___________________________________________________________



> Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !

> Yahoo! Mail : http://fr.mail.yahoo.com

> --

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> --

> Author: =?iso-8859-1?q?paquette=20stephane?=

>   INET: stephane_paquette_at_yahoo.com


>


> Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> San Diego, California        -- Mailing list and web hosting services

> ---------------------------------------------------------------------



> To REMOVE yourself from this mailing list, send an E-Mail message

> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> the message BODY, include a line containing: UNSUB ORACLE-L

> (or the name of mailing list you want to be removed from).  You may

> also send the HELP command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Yechiel Adar
  INET: adar76_at_inter.net.il

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Boivin, Patrice J
  INET: BoivinP_at_mar.dfo-mpo.gc.ca

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Tue Oct 08 2002 - 13:34:16 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US