restricting users

Hi,

I'm trying to find a way to restrict users in how they can connect to the ORACLE database. I want them to be able to connect from applications only, using Forms and Reports. For security reasons, I do not want them to be able to connect through any other tool, especially SQL+ of course.

It needs to be done on DB-level, using a trigger or something.

Seems quite hard: I don't want to create a job that fires every 5 seconds to check if there is a record in V$SESSION that has a USER connected with a PROGRAM that I do not allow, and than disconnects that session by the ALTER SYSTEM DISCONNECT SESSION (id). For performance-reasons, that seems a bad plan.

Other ideas so far that didn't work out: AUDIT CONNECT BY (all users), and build a PRE-INSERT trigger on SYS.AUD$. Don't work since you can't put triggers on SYS"s objects. Also: AUDIT INSERT ON V$SESSION and then check for the right program don't work since SYS-actions can't by audited. Also: messing with the login-scripts for SQL+ (adding "EXIT") for the users won't do because users can edit those files.

Well... somebody, anybody knows how to fix this?

I'd be very, very thankfull for every hint.

Greetings from a rainy Netherlands,
Cor. Received on Tue Oct 12 1999 - 13:08:48 CDT