Home > Ask the Oracle Database / Applications Experts > Questions & Answers > Forbid database access from SQL*Plus
Ask The Oracle Expert: Questions & Answers
EMAIL THIS

Forbid database access from SQL*Plus

Dan Norris EXPERT RESPONSE FROM: Dan Norris

Pose a Question
Other Oracle Categories
Meet all Oracle Experts
Become an Expert for this site
>
QUESTION POSED ON: 19 May 2004
I have an 8i database and anyone can login from my application, but problems arise when they start logging in from SQL*Plus. I used PUP (product_user_profile) table to forbid them from using SQL*Plus commands, and it worked fine, but now I discovered they are logging in to my system from ODBC! What can I do?

>
If it were my application, my first choice would be to use the database security that Oracle provides (i.e. separate user accounts and use database roles and grants along with VPD functionality if necessary). That way, you don't need to be concerned with *how* they connect to the database since all the security for your application is in the database anyway.

If that's not possible (for instance, with some COTS applications), you may be able to utilize a login trigger to check what application the user used to connect and force their session to be disconnected if they use anything other than your desired application.

One other technique I have seen is to create a password-enabled role that has all the application privileges in it and enable that role with your application only. That way, if users connect to the database as the application user, they have no privileges unless they enable the role (which would require a password that only your application knows).


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Oracle White Papers: Fusion Middleware
HomeNewsTopicsTipsAsk the ExpertsMultimediaWhite PapersProductsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts