Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Reject user connect to database via SQL*PLUS ??
Another approach entirely is one which is used
by my friend at a large, major ISP.
Although it takes more planning and thought,
it is pretty secure...
The actual password is not the password the user types. (Alternatively, you could alter the userid, but this is more visible by anyone). Say for example you decide to add 'xyz' to any user password. This means that the application must be smart enough to have a change password feature, and a logon box...It must intercept the user's logon and concatenate the characters.
Disadvantages: Takes thought and programming effort. Advantages: Virtually locks out all other forms of connection to Oracle other than through your controlled application.
Robert Proffitt
Beckman Coulter
RTProffitt "AT" beckman "DOT" com
Sent via Deja.com http://www.deja.com/
Before you buy.
Received on Tue Oct 19 1999 - 10:36:41 CDT