| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Using TOAD on production databases
Rich,
Why in the world go through all of this?
Why not do it the right way?
Why not use Oracle security as it is designed - do not grant any more access
than a person needs.
I'll bet you a $100. Go ahead and set up security based on denial of access from Toad. Give me an Oracle account with full access to the database. And I'll be selling your database's data on e-bay in about 10 minutes.
It is simply foolish to attempt to apply security policy on an Oracle database based on the tool that a person connects with. Foolish and a waste of time.
Hope this helps.
Tom Mercadante
Oracle Certified Professional
-----Original Message-----
From: Jesse, Rich [mailto:Rich.Jesse_at_quadtechworld.com]
Sent: Tuesday, August 17, 2004 2:52 PM
To: oracle-l_at_freelists.org
Subject: RE: Using TOAD on production databases
Quick thought: Install TOAD on network-only as read-only, then use a logon trigger on production to deny all other versions of TOAD, which now can be done by checking the MODULE column of V$SESSION. There are probably holes there, but it's just a quick thought. Now back to hacking 9.2.0.1 client to actually install (again)...
Rich
-----Original Message-----
Sent: Monday, August 16, 2004 6:03 PM
Subject: Re: Using TOAD on production databases
The production issue is one of the main reasons we developed our freeware tool SchemaSurf (the other requirement being web-based). Although it doesn't claim anywhere near-like the industrial strength that Toad has, it does provide developers with read-only access to production data/models. TOAD is a great tool, but with Sarbanes-Oxley, it's critical that appropriate procedures are in place (so we can all go break them!)
SchemaSurf has been installed in more than 50 countries, and we had numerous folks at OAUG shows etc tell us that they use TOAD for dev/test and SchemaSurf for prod. Made their management very happy .... and DBA's were able to control access via tns/name servers etc. since SchemaSurf doesn't use SQL*Net/Net8.
It's at http://www.cobblesoft.com/schemasurf/ for anyone interested.
Regards,
Richard J Stevenson
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.htmlput 'unsubscribe' in the subject line.
-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request_at_freelists.org
 |
 |