Re: How do you restrict user from using sql-plus?

One way that I have heard of is to give the user a userid/password that is only good for the application they use (or, if it is a real Oracle userid, it has only select privs, and maybe only to the dual table). The app checks to see if that bogus userid is allowed to access to the app (Oracle roles, some app table, etc) and if so uses a real userid/password (I think the idea here was each user must have their own id to run, but the 'real' id is some mishmash of the id they entered that can not be entered from the keyboard - user enters 'user=xyz111' and the app transfigures it to 'user=x1y1z1 || x'0a'). If the user tries the bogus userid/password with anything else Oracle won't let them in, or won't let them do anything.

As I said, I have only heard about it, never tried it. Your mileage may vary. Also, I heard about it more than a week ago, so I don't remember where I heard it or from who.

"Mike F" <u518615722_at_spawnkill.ip-mobilphone.net> wrote in message news:l.1013706106.1012115478@[64.94.198.252]...
> We need to make some of our user only connect to the database through
> forms, or JDBC, but not through sqlplus, is there any way of doing that?
>
> Thanks
>
>
>
>
>
>
>
> --
> Sent by dbadba62 from hotmail within area com
> This is a spam protected message. Please answer with reference header.
> Posted via http://www.usenet-replayer.com/cgi/content/new
Received on Thu Feb 14 2002 - 16:24:39 CST