RE: Prevent connections for some users through SQL*Plus, TOAD
Date: Tue, 3 Jun 2008 11:47:54 -0700 (PDT)
Message-ID: <754885.7451.qm@web80606.mail.mud.yahoo.com>
How about check v$session.module instead of program? It's much harder to hack
that, especially on recent versions of Toad. This question was asked before.
See
http://groups.google.com/group/comp.databases.oracle.server/browse_frm/thread/6eedd341d44157be
Not directly related. I've looked into the toad.exe before. See http://yong321.freeshell.org/oranotes/ToadAndAlternatives.html
Sql*Plus is of course easy to stop.
Yong Huang
> Subject: RE: Prevent connections for some users through SQL*Plus, TOAD
> Date: Mon, 2 Jun 2008 14:14:04 +0100
> From: "John Hallas" <john.hallas_at_bjss.co.uk>
>
> If you search the archives for logon trigger and TOAD you will see quite
> a few examples of useful code.
>
> The biggest problem is that there is nothing stop a user renaming
> toad.exe to fred.exe which bypasses the trigger.
>
> I have sent a e-mail with a post that is in my archives which provides
> some good.
>
> John
> www.jhdba.wordpress.com
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Jun 03 2008 - 13:47:54 CDT