Re: logon trigger - getting program version information of application connecting

Hi

have a look at my first newsletter on my website which discusses some ideas on how to block SQL*Plus it may give you some ideas, its at http://www.petefinnigan.com/newrecent.htm - one extra thought would be to create an external procedure or use java in your logon trigger to access the OS and read the size of the binary - This obviously would depend on the binary being on the server - i guess it is probably on the client...:-(

Another thought, if possible would be to use the client_identifier field set with the DBMS_SESSION.SET_IDENTIFIER or the client_info, module or action fields set with dbms_application_info procedures. Any of these fields can then be read in the logon trigger from v$session. The big problem is getting the client to call these procedures first?? - maybe..... if you cannot change the application your users must execute the application from a menu item or from a shortcut - you could replace the shortcut or menu with a call to a simple batch script that executes first a check on the binary and aborts or logs onto the database and sets the version stuff as above and the db connection would abort if its wrong - the first option is best though just alter the menu or shortcut and abort if wrong binary and print a message to contact support.

hth

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.