Re: session control

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Sun, 22 Dec 2002 13:22:16 +0100
Message-ID: <v0bd5jt1rgkrad_at_corp.supernews.com>


[Quoted] "pradip_chanda" <member_at_dbforums.com> wrote in message news:2310094.1040545277_at_dbforums.com...
>
> I have an application (IDS -Forms) ithrough which when a user logs in ,
> gets permission to insert/update tables. But this permission he does not
> have otherwise. This was done so that a user is not able to edit tables
> through any applicationsn (e.g. sqlplus) other than the forms.
>
> But if the user has already got a running session through the above
> mentioned application he can login & edit tables through 'sqlplus'. This
> I don't want. By database is Oracle 8i Enterprise Edition 8.1.7.
>
> Any idea!
>
> --
> Posted via http://dbforums.com

1 - use the product_profile feature, still present in sql*plus to disable it completely
2 set the init.ora parameter resource_limit to true, so you can CREATE PROFILE to limit the number of sessions per user and the number of logins 3 Make sure RI is enforced in the database instead of the application, so people using sql*plus can't do any harm
4 deinstall sql*plus from all systems that don't need it. 5 get some treatment for your symptoms of paranoia. If your application is secure and you only allow access to users with legitimate rights, and your privileged accounts are secure, there is nothing to worry about.

--
Sybrand Bakker
Senior Oracle DBA

to reply remove '-verwijderdit' from my e-mail address
Received on Sun Dec 22 2002 - 13:22:16 CET

Original text of this message