| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Prevent somebody logging in with SQL/Plus?
[This followup was posted to comp.databases.oracle.server and a copy was sent to the cited author.]
In article <34f13917.259361810_at_firewall.celltech>, jpetts_at_celltech.co.uk
says...
> Hi
>
> Is it possible to prevent somebody getting access to a database with
> SQL/Plus? I'm looking for the sort of solution that will check all new
> sessions to the database and disallow connection if the program
> being used to connect is SQL/Plus. I know that the program is
> available in v$session(program) but I'm not sure about how I would
> go about terminating a session. I envisage having a table of those
> users authorised to used SQL/Plus which would be checked before
> a session would be terminated.
Two things missing, A) you didn't say WHEN/HOW you want your users to access the database and B) putting fences and safeguards around SQL*Plus doesn't keep an end users from installing some other SQL interface to access the database...something like Access, or some ODBC driver, etc., etc.
The best solution I can think of is remove connect privs from the user accounts default schema, this will prevent them from accessing the database. In your application, password protect the profile which includes connect privs and allows them to access the system. Thus, allowing them to ONLY access the database through your application. The secret is to make sure the users don't see the form's code containing the password.
 |
 |