Re: restricting users

There's a couple of ways you can get around what you are trying to do.

I think in Oracle 8.1, there are triggers that fire on a login. I'm not sure the exact details, maybe someone else can elaborate?

Another way is to mask the username you are using to login. For example, when logging in, change the username before logging in. Say your username is USER1. You could create a user as USER1FO and login automatically in the app as USER1FO with a password that the user doesn't know.

Cor wrote in message <3803792F.1B0E_at_wxs.nl>...
>Hi,
>
>I'm trying to find a way to restrict users in how they can connect to
>the ORACLE database. I want them to be able to connect from applications
>only, using Forms and Reports. For security reasons, I do not want them
>to be able to connect through any other tool, especially SQL+ of course.
>
>It needs to be done on DB-level, using a trigger or something.
>
>Seems quite hard: I don't want to create a job that fires every 5
>seconds to check if there is a record in V$SESSION that has a USER
>connected with a PROGRAM that I do not allow, and than disconnects that
>session by the ALTER SYSTEM DISCONNECT SESSION (id).
>For performance-reasons, that seems a bad plan.
>
>Other ideas so far that didn't work out: AUDIT CONNECT BY (all users),
>and build a PRE-INSERT trigger on SYS.AUD$. Don't work since you can't
>put triggers on SYS"s objects. Also: AUDIT INSERT ON V$SESSION and then
>check for the right program don't work since SYS-actions can't by
>audited. Also: messing with the login-scripts for SQL+ (adding "EXIT")
>for the users won't do because users can edit those files.
>
>Well... somebody, anybody knows how to fix this?
>
>I'd be very, very thankfull for every hint.
>
>Greetings from a rainy Netherlands,
>Cor.
Received on Tue Oct 12 1999 - 21:50:28 CDT