Re: Is there a way to do this?
Jim Kennedy wrote:
> Won't work. I just change the name of my program and then I am in.
> Jim
>
> --
> Replace part of the email address: kennedy-down_with_spammers_at_attbi.com
> with family. Remove the negative part, keep the minus sign. You can figure
> it out.
> "FC" <flavio_at_tin.it> wrote in message
> news:h9Kua.66220$3M4.1599946_at_news1.tin.it...
> >
> > There is the possibility of using a database event trigger (LOGON) in
> > conjunction with V$SESSION, a view that holds information like the name of
> > the executable program currently connected, as demonstrated below:
> >
> > CREATE OR REPLACE
> > Trigger WatchDog after logon on database
> > declare
> >   num_sid     v$session.sid%type;
> >   num_serial# v$session.serial#%type;
> >   var_program v$session.program%type;
> > begin
> >   -- Look up the current session's row in V$SESSION
> >   select sid, serial#, program
> >     into num_sid, num_serial#, var_program
> >     from v$session
> >    where audsid = sys_context('USERENV', 'SESSIONID');
> >
> >   -- Reject the logon when the client reports this program name
> >   If lower(var_program) = 'ciccio.exe' then
> >     Raise_application_error(-20999, 'Cannot logon using this application');
> >   End if;
> > end;
> >
> > This must be compiled as user SYS.
> >
> > In this fashion, a client user running ciccio.exe, will receive an error
> > upon connecting.
> >
> > You may want to build a list of allowed programs instead, so you won't have
> > to know in advance the name of the forbidden application, the example given
> > is just to test the functionality of the trigger.
> >
> >
> > Bye,
> > Flavio
> >
> >
> >
> >
While Jim is technically correct, the technique is still 99% successful, in that to rename the application presumes that the end-user knows why they were denied access.
The solution is as follows:
1. Get management's agreement to a one-warning, zero-tolerance policy.
2. Implement the AFTER LOGON trigger solution, giving no error message to the user but logging their attempt and disabling their account for 2+ days to prevent another immediate attempt.
3. As soon as it happens, the offender is called into H.R. and told that the next time they lose their job.
4. Make sure everyone else in the company/department knows what happened.
5. Send the offender out the door if they try a second time.
Without management's support it won't work. But then again trying to implement a security policy if management won't support it is doomed too.
--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)

Received on Fri May 09 2003 - 08:22:34 CDT
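
An added example, not part of the thread or of any poster's code: a log-only variant of the quoted logon trigger that uses the list of allowed programs FC suggests and the silent logging from step 2 above. The table, procedure and trigger names are hypothetical, the account-disabling part of step 2 is not shown, and `v$session.program` remains a client-reported value, as Jim's reply points out.

```sql
-- Added example; all object names below are hypothetical.
-- Compile as SYS, as the quoted post requires for its trigger.
CREATE TABLE logon_program_allowlist (
  program VARCHAR2(128) PRIMARY KEY   -- store names in lower case
);

CREATE TABLE logon_program_audit (
  logged_at TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  username  VARCHAR2(128),
  os_user   VARCHAR2(128),
  host      VARCHAR2(256),
  program   VARCHAR2(128)
);

-- Autonomous transaction: the audit row is committed on its own,
-- independent of whatever happens to the calling session.
CREATE OR REPLACE PROCEDURE log_unlisted_program (p_program IN VARCHAR2) IS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO logon_program_audit (username, os_user, host, program)
  VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          SYS_CONTEXT('USERENV', 'HOST'),
          p_program);
  COMMIT;
END;
/

CREATE OR REPLACE TRIGGER watchdog_allowlist
AFTER LOGON ON DATABASE
DECLARE
  var_program v$session.program%TYPE;
  num_allowed PLS_INTEGER;
BEGIN
  SELECT program INTO var_program
    FROM v$session
   WHERE audsid = SYS_CONTEXT('USERENV', 'SESSIONID');
  SELECT COUNT(*) INTO num_allowed
    FROM logon_program_allowlist
   WHERE program = LOWER(var_program);
  IF num_allowed = 0 THEN               -- also true when program is NULL
    log_unlisted_program(var_program);  -- silent: no error reaches the user
  END IF;
EXCEPTION
  -- Fail open: an unhandled error in a logon trigger would block ordinary logons.
  WHEN OTHERS THEN NULL;
END;
/
```

Reviewing `logon_program_audit` grouped by `username` and `host` shows which accounts connect with unlisted tools, and a listed program name appearing from an unexpected host is worth a second look given that the name can be changed by the client.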