Re: How to Forbid sqlplus connecting to ORACLE

"Sybrand Bakker" <gooiditweg_at_sybrandb.demon.nl> wrote in message news:bk71fv89489fmbf00ubpgr79o9u9t8gqos_at_4ax.com...
> On Wed, 18 Jun 2003 16:56:35 +0800, "Grant" <goddabao_at_yahoo.com>
> wrote:
>
> Guess you don't have any integrity defined in the database. You should
> resolve that issue instead of resorting to figthing symptoms. How
> would you think a DBA is going to administrate the database. Through
> your client application?
>

This, IMHO, is the point, and the entire point, and has been for many years.

The database should not care in the slightest whether it is being accessed through the 'application', TOAD, M$Access, SQL*Plus or anything else. What matters is that the API the database exposes is a level playground.

Unfortunately these days, so many third party applications have excessive privileges on the database, and these applications assume that because they have their own 'security' routines, the database is protected.

This has been, is, and always will be nonsense.

There are certain counter-measures we can take to try to protect the database (logon triggers restricting app servers to connecting from named terminals help somewhat), but as Sybrand says, until we address the primary issue, there is no real solution.

Regards,
Paul Received on Wed Jun 18 2003 - 14:46:54 CDT