Re: Block connection from SQL developer
Date: Sun, 13 Mar 2022 09:42:02 -0600
Message-ID: <acf01e96-7414-b767-523d-29fa457190c8_at_1001111.com>
The only practical way to control connection level access is with a
logon trigger supported with automated auditing and monitoring.
Limitations based on hostname and/or IP address can also be set in
sqlnet.ora.
In my environment the issue is developers who "have to" connect to
production to "do their job".
As to the fact a logon trigger can easily be circumvented, the main
purpose is to prevent mistakes, not defend against a malicious insider.
A DBA level scheduled query against dbms_application_info will catch
most of those who figure changing a client string to connect to
production is a good idea. Security is multiple levels, putting a simple
lock on a door to protect children (developers) from themselves is a
basic safety precaution.
YMMV
--
Dave Morgan
--
So, I do not return any errors I use a sleep(6000) call in the trigger.
It is hard to complain about a problem when you should not be there
Dave
Senior Consultant, 1001111 Alberta Limited
dave.morgan_at_1001111.com
403 399 2442
http://www.freelists.org/webpage/oracle-l
Received on Sun Mar 13 2022 - 16:42:02 CET