| TOAD Block [message #391893] |
Sat, 14 March 2009 05:28  |
razisolaris
Messages: 48
Registered: February 2008
Location: Riyadh
|
Member |
|
|
Hi,
I wanted to block TOAD client software fully so no one can access even by changing TOAD_XYZ.exe file name.
Any database trigger/script to restrict all user require.
I appreciate your valuable response.
Regards,
|
|
|
|
| Re: TOAD Block [message #391895 is a reply to message #391893] |
Sat, 14 March 2009 05:34  |
Frank
Messages: 7901
Registered: March 2000
|
Senior Member |
|
|
Restrict the users, not the tool.
What's so special about TOAD as opposed to sqlplus, SQL-Developer or PL/SQL-Developer?
|
|
|
|
| Re: TOAD Block [message #391898 is a reply to message #391893] |
Sat, 14 March 2009 05:55 |
razisolaris
Messages: 48
Registered: February 2008
Location: Riyadh
|
Member |
|
|
How can i restrict toad users by database trigger or any other script .
Previously i used below script to restrict toad.exe users, But users change toad.exe to any xyz.exe and they are able to login from toad.
SCRIPT:
======create or replace trigger ban_toad after logon on database
declare
v_sid number;
v_isdba varchar2(10);
v_program varchar2(30);
v_user varchar2(30);
begin
execute immediate 'select distinct sid from sys.v_$mystat' into v_sid;
execute immediate 'select program from sys.v_$session where sid = :b1' into v_program using v_sid;
execute immediate 'select username from sys.v_$session where sid = :b1' into v_user using v_sid;
select sys_context('userenv','ISDBA') into v_isdba from dual;
if upper(v_program) in ('TOAD.EXE','SQLPLUSW.EXE','SQLPLUS.EXE') and v_isdba = 'FALSE' and v_user not in('SYSTEM','SYS') then
raise_application_error
(-20001,'Unale to access toad',true);
end if;
end;
|
|
|
|
| Re: TOAD Block [message #391900 is a reply to message #391898] |
Sat, 14 March 2009 07:07 |
Frank
Messages: 7901
Registered: March 2000
|
Senior Member |
|
|
Again, what is so evil about TOAD. What can your user do with TOAD that he cannot do with sqlplus?
You want to revoke privileges from your user. Take a look at application roles.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: TOAD Block [message #391932 is a reply to message #391912] |
Sat, 14 March 2009 12:53 |
Frank
Messages: 7901
Registered: March 2000
|
Senior Member |
|
|
| Michel Cadot wrote on Sat, 14 March 2009 15:58 | | Frank wrote on Sat, 14 March 2009 13:07 | Again, what is so evil about TOAD. What can your user do with TOAD that he cannot do with sqlplus?
You want to revoke privileges from your user. Take a look at application roles.
|
For instance, if you request for an execution plan of a query, it does not commit and keep a transaction opened leading to other running out of space.
This does not happen with SQL*Plus and set autotrace.
Regards
Michel
|
I can do that just as easy in sqlplus.
What I was trying to make clear is that ANYTHING anybody can do in TOAD can also be done in other tools.
|
|
|
|
|
|
| Re: TOAD Block [message #391950 is a reply to message #391909] |
Sun, 15 March 2009 00:36 |
razisolaris
Messages: 48
Registered: February 2008
Location: Riyadh
|
Member |
|
|
Hi,
I appreciate all for their valuable input to me ,
Could you please define which kind of policy/procedures should be write to restrict the complete usage of TOAD by the users.
Thanks & Regards,
|
|
|
|
|
|
|
|
| Re: TOAD Block [message #391954 is a reply to message #391953] |
Sun, 15 March 2009 01:37 |
razisolaris
Messages: 48
Registered: February 2008
Location: Riyadh
|
Member |
|
|
Hi,
Again how can i write a policy(format require) to restrict all TOAD users even though they change a name of TOAD.exe file.
Regards,
|
|
|
|
|
|
| Re: TOAD Block [message #391958 is a reply to message #391956] |
Sun, 15 March 2009 02:35 |
razisolaris
Messages: 48
Registered: February 2008
Location: Riyadh
|
Member |
|
|
Hi,
At present i dont have any policy created, In group policy nothing is there , Now how to proceed further require help step by step ..........
OS:HP-UX
DB:10g Rel2
Thanks in Advance.
|
|
|
|
| Re: TOAD Block [message #391959 is a reply to message #391958] |
Sun, 15 March 2009 02:37 |
Frank
Messages: 7901
Registered: March 2000
|
Senior Member |
|
|
Let's rephrase what was said over the last zillion replies:
YOU CAN NOT.
Maybe you will understand that
|
|
|
|
|
|
| Re: TOAD Block [message #392597 is a reply to message #391893] |
Wed, 18 March 2009 10:29 |
Kaeluan
Messages: 179
Registered: May 2005
Location: Montreal, Quebec
|
Senior Member |
|
|
Here is another solution.
If you use trigger to validate if the application can connect to the database.
Instead of checking for the program name that may change if the user is renaming the EXE file. You could try to verify the module name instead. Even if you change the program name, the module name will stay the same.
Maybe it could worth a try.
Attached is the print screen of what i can see in v$session even if i rename the EXE file
Hope it help.
|
|
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
