Re: Restrict TOAD from accessing a DB?

navaed7024_at_hotmail.com (E. Navarro) wrote in message news:<b86354ef.0303051201.34b7908e_at_posting.google.com>...
> Oracle EE 8.1.7.4
> Sun OS 5.7
>
> All,
>
> Does anyone know of a solution to prevent users from logging into a
> database with certain applications. In my case, I want to prevent users
> from logging into our production databases using TOAD.
>
> I can monitor who is logging in and how they are logging in using OEM,
> but what I would like is to be alerted the second someone tries to log
> in using TOAD. Can this be done?
>
> TIA,
> Daniel N.
> Oracle DBA

You can check for v$session for module = 'T.O.A.D', or if the user hasn't renamed the toad program name, program = 'TOAD.exe', and kill the session. But it's trivial to even change the binary toad.exe to hide the 'T.O.A.D' string. Open it with a binary file editor, or even a text editor that is binary-file friendly such as (g)vim. Find the string "begin sys.dbms_application_info.set_module('T.O.A.D.', null); end;" and replace 'T.O.A.D' with any 7 character long string. In a nutshell, there's no absolute way to prevent it. You may better off block connections from any terminal other than designated ones using $TNS_ADMIN/protocol.ora (or .protocol.ora if it's before 8.1.6.2).

If you wish to use product_user_profile table to restrict connections from third party tools such as Toad, it's not possible. That table can only block sqlplus connection.

Yong Huang Received on Wed Mar 05 2003 - 17:20:37 CST