Re: Restriction on sqlplus access

Paul Drake wrote:

> "Jerry" <JerryB_at_hotmail.com> wrote in message news:<zhRba.205141$na.8035421_at_news2.calgary.shaw.ca>...
> > hi,
> >
> > any way to prevent user to connect to oracle via sqlplus?
> >
> > the table product_user_profile seems to only disable some commands within
> > sqlplus, but I want to set restriction on log in.
>
> as a matter of fact, I was reading some code in Geoff Ingram's "High
> Performance Oracle" book on the train ride home this evening.
>
> a logon trigger and a targeted drop table combined with auditing
> provided quite an elegant solution to blocking (and logging) attempted
> sessions by sqlplus and MS access. I believe that he recommended
> sending a message via dbms_alert to a session that is just there to
> kill sessions. You have to admit, its pretty funny to have a logon
> trigger send a message that says "kill session", sid, serial# to a
> session killer listening for such alerts.
>
> I'd say that the addition an email notification to the site security
> officer would be a nice touch, but that is getting into BOFH land ...
>
> Further bonus points would be to add the ip_address of the perpetrator
> to the protocol.ora (sqlnet.ora in 9i) to the list of excluded_nodes.
>
> I haven't read enough chapters yet to recommend the book, (on chap 6)
> but so far its been a very good read.
>
> Paul

If you think that's a bit much try this one that I've done.

Let them log on. Then simultaneously notify security and alter things such that they are looking at phony tables with phony data intended to keep them occupied until the authorities show up.

Daniel Morgan Received on Fri Mar 14 2003 - 00:27:24 CST