Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: SIEBEL Security Question
"DA Morgan" <damorgan_at_exesolutions.com> wrote in message
news:3E683A9A.1403AD43_at_exesolutions.com...
> Jim Kennedy wrote:
>
> > Set SIebel up to use an application password then they won't know the
> > password to log in.Jim
> >
> > "Paul" <me_at_yahoo.com> wrote in message
> > news:R2W9a.35640$gf7.7321977_at_news4.srv.hcvlny.cv.net...I
> > have an application which uses SIEBEL running on an 8.1.7
> > database. I want to restrict the users from accessing the
> > database with anything other than the SIEBEL Screens. For
> > example I don't want them to use their SIEBEL ids to connect
> > with SQL*Plus, Toad, Access, etc. I know that I can block
> > SQL PLUS access with the product user profile table, but
> > what about any third party products? Any suggestions
> > ? Thanks.
> > --
> > Paul S. LaBarbera
> > Oracle Certified DBA
> >
>
> Or look in v$session, see how Siebel registers itself, and write an
> AFTER LOGON trigger to dump anyone not meeting the criterion.
>
> Daniel Morgan
>
Yes, I've used that technique where the app server credentials are well known; and in practice it's worked quite well - certainly better than nothing.
It's not really sound though; certainly anyone bright enough could spoof an IP address/terminal name and network login id fairly easily.
Regards,
Paul
Received on Sun Mar 09 2003 - 14:49:25 CST