Re: How to disable '$' DCL shell?

From: Steve Frampton <frampton_at_vicuna.ocunix.on.ca>
Date: Sat, 07 Nov 92 21:02:10 EST
Message-ID: <B7DwTB3w165w_at_vicuna.ocunix.on.ca>

Steve Frampton <frampton_at_vicuna.ocunix.on.ca> wrote:

> Hi everyone:
>
> I would like to find out how to disable the '$' shell to DCL from SQLPLUS
> for the comp. services dept. _at_ my place of employment. This seems to be
> somewhat of a security hole and if there is a simple way to disable users
> from accessing it how is it done?

As promised, I am following up here with a summary. Special thanks to all who responded:

	sinha_at_bms.com, rsingi_at_penuts.enet.dec.com, rwk_at_netcom.com,
	hatzinger_m_at_bmwf1f.bmwf.gv.at, jbennett_at_netcom.com,
	andy_at_homebase.vistachrome.com

	...and anyone else who happened to respond just during or after

I put together this followup.

Although the above people could have told me to RTFM (someone told me that the information was in Appendix E of the SQL*Plus manual -- but gave me the pertinent information anyways), they were all very helpful, telling me basically to add an entry to the 'PRODUCT_USER_PROFILE' table to disable any required commands for unauthorized users.

The trick is to log into ORACLE as system and insert the required info into the table similar to:

insert into PRODUCT_USER_PROFILE

	    (PRODUCT,USERID,ATTRIBUTE,CHAR_VALUE)
values      ('SQL*Plus','OPS%','HOST','DISABLED');

'SQL*Plus' must be entered in exactly as shown, and the userid as well as the attribute (command) must be entered in uppercase. The userid may be a specific userid, or wildcards can be used as well.

To re-enable a command simply delete the row from the database.

It was also suggested that I should make sure other users do not have access to the PRODUCT_USER_PROFILE table or they would be able to simply circumvent any changes made!

Thanks again for all the timely and helpful responses!

+-----------------------------------------------+--------------------+
| Steve Frampton - frampton_at_vicuna.ocunix.on.ca | Steve Frampton     |
| I collect postcards!  If you send me one from | 501-A Princess St. |

+-----------------------------------------------+--------------------+

Received on Sun Nov 08 1992 - 03:02:10 CET

This message: [ Message body ]
Next message: Javier H. Seen: "*** WANTED: Testing Tools for HyperCard/ORACLE Environment ***"
Previous message: Joe Fulson-Woytek: "Getting out of Monitor Message-ID: <1992Nov6.175911.20759_at_nsisrv.gsfc.nasa.gov>"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message