David,
A product would have to cooperate and read PRODUCT_USER_PROFILE to do
it 'softly'. The only thing I can think of (I have implemented it many
moons ago) is to have a daemon program running on the server regularly
polling V$SESSION, and checking PROGRAM. Unfortunately, the program
name, as it appears there, is not always as significant as one would
like it to be. It sometimes is a DLL name, for instance, which then you
have to interpret as refering to a specific application; and Pro*C
programs have nothing to envy to Swiss banks about anonymity. You can
have an authorization table somewhere listing authorized (username,
program) pairs, always allow SYSTEM to do whatever it wants, etc. Be
creative. If you have code control over all authorized programs, it's
easier : you can use DBMS_APPLICATION_INFO to set proper identification.
You can then collect sid and serial# for rogue users, aim, shoot and
fire (in other words ALTER SYSTEM KILL). The snag is, firstly that the
select on V$SESSION may take 'some' time if you have thousands of users,
and secondly that somebody can creep in between polling intervals. Now
if you adjust it well it is unlikely that anybody will have time to do
much damage, and the simple existence of such a program may be a good
deterrent (when you have been killed a couple of times you rarely
insist).
--
Regards,
Stephane Faroult
email: sfaroult_at_oriolecorp.com
Oriole Corporation
Voice: +44 (0) 7050-696-269
Fax: +44 (0) 7050-696-449
Performance Tools & Free Scripts
------------------------------------------------------------------
http://www.oriolecorp.com, designed by Oracle DBAs for Oracle DBAs
------------------------------------------------------------------
>
> Is there a way of restricting users from using MS Access, or any specific
> program, from getting into the database?
>
>
> --
> Author: Olson, David
Received on Fri Apr 28 2000 - 03:44:58 CDT
