
Re: logon trigger - getting program version information of application connecting

From: <OracleSupport-dropthis_at_shaw.ca>
Date: Tue, 16 Mar 2004 07:03:06 GMT
Message-ID: <r08d50lbh7k83435n23tmg04skrgona0pi@4ax.com>


On Mon, 15 Mar 2004 10:18:32 -0000, "Niall Litchfield" <n-litchfield_at_audit-commission.gov.uk> wrote:

>Do the users have their own Oracle accounts or is there one for the app? We
>have the same problem with the latter scenario and just change the db
>password and only distribute the password to new releases - done at install
>of new release time.

There are two levels of security (if you can call it that).

The first level is handled by the application, which stores a userid, password combination for each user and a few other details in an encrypted file outside the database. The second level connects all users to the databases with a single (schema) password. I believe this was a carryover from the initial application design when it didn't use Oracle at all. The developers must have felt it was too much work to do the security properly (or a nice way to cut corners and reduce costs).

As the application does the "real" security check, changing the schema password has no effect on the users as long as they get authenticated by the front end.

Our stats today showed an abysmal 75% success rate for the workstation upgrades. This means I have some 100+ workstations with the wrong version. I ended up forcing the group that looks after the front end security to disable all userids. When a user calls support to gain access, their machine is checked to ensure it has the right version before access is granted. The user is also told that they must only use the machine which is checked / assigned to them, and they must call support before using any other machine to run the application.

I also wrote a logon trigger to dump the workstation id so it could be checked against another checking program that can verify client version information. It's after the fact, but if we find a problem, at least I can recover to point in time. Hopefully we'll have the remaining workstations upgraded within a couple days.

Working with these types of applications certainly makes the job more challenging.

Regards,

Brad

Received on Tue Mar 16 2004 - 01:03:06 CST
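
A logon trigger of the kind the message describes could look like the following; this is an added example, not the code from the original post. The schema, table and trigger names (`sec_audit`, `logon_audit`, `trg_logon_audit`) and the shared application account `APP_OWNER` are hypothetical. Host, terminal, OS user, program and module are reported by the client, so the rows serve as an inventory to cross-check against a separate version checker rather than as an access control.

```sql
-- Added example: record which workstation each shared-account session came from.
-- Assumptions: schema SEC_AUDIT exists, holds a direct grant of
-- SELECT ON SYS.V_$SESSION, and the creator has ADMINISTER DATABASE TRIGGER.
CREATE TABLE sec_audit.logon_audit (
  logon_time  TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(128),
  host        VARCHAR2(256),
  terminal    VARCHAR2(128),
  ip_address  VARCHAR2(64),
  program     VARCHAR2(128),
  module      VARCHAR2(128)
);

CREATE OR REPLACE TRIGGER sec_audit.trg_logon_audit
AFTER LOGON ON DATABASE
DECLARE
  v_program  VARCHAR2(128);
BEGIN
  -- Only audit the single schema account the front end connects with.
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_OWNER' THEN
    BEGIN
      -- Client executable name as reported in the connect packet.
      SELECT program INTO v_program
        FROM v$session
       WHERE sid = TO_NUMBER(SYS_CONTEXT('USERENV', 'SID'));
    EXCEPTION
      WHEN OTHERS THEN v_program := NULL;
    END;

    -- No COMMIT: Oracle runs a logon trigger in its own transaction
    -- and commits it after the trigger fires.
    INSERT INTO sec_audit.logon_audit
      (db_user, os_user, host, terminal, ip_address, program, module)
    VALUES
      (SYS_CONTEXT('USERENV', 'SESSION_USER'),
       SYS_CONTEXT('USERENV', 'OS_USER'),
       SYS_CONTEXT('USERENV', 'HOST'),
       SYS_CONTEXT('USERENV', 'TERMINAL'),
       SYS_CONTEXT('USERENV', 'IP_ADDRESS'),  -- NULL for local (non-TCP) connections
       v_program,
       SYS_CONTEXT('USERENV', 'MODULE'));
  END IF;
EXCEPTION
  -- An unhandled error here would refuse the logon for non-DBA users,
  -- so an audit failure is swallowed rather than locking everyone out.
  WHEN OTHERS THEN NULL;
END;
/
```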
