Re: Replacing OPS$ accounts

From: Yechiel Adar <adar666_at_inter.net.il>
Date: Sun, 13 Jun 2010 10:19:54 +0300
Message-id: <4C14869A.4090808_at_inter.net.il>



In this case I think a login trigger is in order. Create a login trigger that will allow login only from specific machines and only from the application program.

I know, this will not stop a user who knows that he can copy sqlplus.exe to the application program name, but this will stop most regular users.

Adar Yechiel
Rechovot, Israel

Blanchard, William wrote:
>
> "I not sure that you have stated what you are trying to achieve here"
> Good question ;-). It's Friday and I need a beer ;-).
>
>
>
> We have remote_os_authent set to true so that the application -- on a
> different server -- can authenticate the users once they have logged
> into the application (an SSO of sorts). I guess what I'm really
> looking for is the "best practice" to secure the database given the
> constraints of having the OPS$ accounts. I don't mind if the users
> can get into the database via the application, the issue is that this
> also means they can log into the db using sqlplus, etc.
>
>
>
>
>
> WGB
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Sun Jun 13 2010 - 02:19:54 CDT
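
A sketch of the login trigger suggested in the reply above, added here as an example and not code from the thread or its authors. The schema `sec_admin`, the table `ops_login_allow`, the host `APPSRV01`, the program name `appserver.exe` and the error number are hypothetical; it also assumes the default `OPS$` value of `os_authent_prefix`.

```sql
-- Added example; every object name and sample value below is hypothetical.
-- The trigger owner needs a direct grant (not via a role):
--   GRANT SELECT ON sys.v_$session TO sec_admin;

CREATE TABLE sec_admin.ops_login_allow (
  host     VARCHAR2(256) NOT NULL,  -- client machine, as reported in USERENV HOST
  program  VARCHAR2(64)  NOT NULL   -- client executable, as reported in V$SESSION.PROGRAM
);

-- Constructed sample row: the application server and its executable.
INSERT INTO sec_admin.ops_login_allow VALUES ('APPSRV01', 'appserver.exe');
COMMIT;

CREATE OR REPLACE TRIGGER sec_admin.ops_login_guard
AFTER LOGON ON DATABASE
DECLARE
  v_user    VARCHAR2(256) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_host    VARCHAR2(256) := UPPER(SYS_CONTEXT('USERENV', 'HOST'));
  v_program VARCHAR2(64);
  v_allowed PLS_INTEGER;
BEGIN
  -- Restrict only the externally identified (OPS$) accounts;
  -- password-authenticated accounts log in as before.
  IF v_user LIKE 'OPS$%' THEN
    -- Program name of the session that is logging in right now.
    SELECT LOWER(program) INTO v_program
      FROM sys.v_$session
     WHERE sid = SYS_CONTEXT('USERENV', 'SID');

    -- A NULL program matches no row, so it is rejected as well.
    SELECT COUNT(*) INTO v_allowed
      FROM sec_admin.ops_login_allow
     WHERE UPPER(host) = v_host
       AND LOWER(program) = v_program;

    IF v_allowed = 0 THEN
      -- An unhandled error in an AFTER LOGON trigger rejects the session.
      RAISE_APPLICATION_ERROR(-20001, 'Login not permitted from this client');
    END IF;
  END IF;
END;
/
```

Accounts holding the ADMINISTER DATABASE TRIGGER privilege are not blocked by an error raised in a logon trigger, so DBAs can still connect if the allow list is wrong. On some platforms HOST includes a domain prefix, so compare against the value the database actually records for the application server.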
