Re: How to trap the user's login program and disallow if Windows based?

Andy wrote:

> Oracle RDBMS V8.0.6 on Solaris 2.7
>
> I can remember that there is a way to trap the program name a user is
> logging into the database with, and disallow it if it is something
> like TOAD or ACCESS.
>
> Here is the problem:
>
> We have an application which connects into the database with the
> password hard-coded and which everyone knows. This application userid
> is also the schema owner. The developers also use TOAD. We can change
> the application password but it is hard coded in plain text and
> everyone knows how to see it. So the Developers have a habit of
> signing on to TOAD as the application owner and therefore have total
> access to the tables.
>
> I know that I can create a trigger at logon to run some SQL, but
>
> 1. Not sure if it works on the V806 we are running.
> 2. Don't know how to code it.
>
> So, I want it to go -
>
> login - check program name - if user = schema.owner and program !=
> program.name then kill session (and maybe issue a nasty message).
>
> Does anyone have an example of this I can use?
>
> Thanks.

Use a logon SYSTEM trigger and take a look in v_$session.

Daniel Morgan Received on Tue Jun 04 2002 - 18:31:25 CDT