Granting access through specific applications

Hello,

I want to grant users access to an oracle database while they are using a forms 4.5 application, while at the same time denying them access through others tools or applications. For instance, i do want a user to be able to connect by using the application, but they are not allowed to connect using sql*plus, oracle navigator or another forms 4.5 application with which they could do damage to the data (either or not on purpose).

Now, Oracle documentation suggests using the 'set role' command during the startup of the approved application, thus enabling roles that are necessary for using the application. Other tools or programs that connect to oracle do not perform that startup so the user isn't allowed to use any database object. This solution however has some major drawbacks: it requires hardcoding a password into the application (which is bothersome if done safely), it slows down the startup-process, it might not be usable with other applications that also need the roles enabled, and does not prevent users from connecting using unapproved applications or tools.

Also, this is a client-based solution, while i'm really looking for a serverbased solution, which checks the conditions under which a user tries to connect to the database and refuses access (disconnects) if the used application is not allowed. A serverbased approach is inherently safer than a clientbased solution.

Does anyone have a - preferably serverbased - solution for this?

tia,

Ben Thoolen Received on Sat Apr 04 1998 - 00:00:00 CEST