Re: Block connection from SQL developer

From: Dave Morgan <oracle_at_1001111.com>
Date: Sun, 13 Mar 2022 09:42:02 -0600
Message-ID: <acf01e96-7414-b767-523d-29fa457190c8_at_1001111.com>

The only practical way to control connection level access is with a logon trigger supported with automated auditing and monitoring. Limitations based on hostname and/or IP address can also be set in sqlnet.ora.

In my environment the issue is developers who "have to" connect to production to "do their job".
So, I do not return any errors I use a sleep(6000) call in the trigger. It is hard to complain about a problem when you should not be there

As to the fact a logon trigger can easily be circumvented, the main purpose is to prevent mistakes, not defend against a malicious insider. A DBA level scheduled query against dbms_application_info will catch most of those who figure changing a client string to connect to production is a good idea. Security is multiple levels, putting a simple lock on a door to protect children (developers) from themselves is a basic safety precaution.

Dave Morgan
Senior Consultant, 1001111 Alberta Limited dave.morgan_at_1001111.com
403 399 2442

--

http://www.freelists.org/webpage/oracle-l Received on Sun Mar 13 2022 - 16:42:02 CET

This message: [ Message body ]
Next message: Mladen Gogala: "Re: Block connection from SQL developer"
Previous message: Mladen Gogala: "Re: Block connection from SQL developer"
Maybe in reply to: Krishnaprasad Yadav: "Block connection from SQL developer"
Next in thread: Mladen Gogala: "Re: Block connection from SQL developer"
Reply: Mladen Gogala: "Re: Block connection from SQL developer"
Reply: Frank Gordon: "Re: Block connection from SQL developer"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message