DBAsupport.com Forums - Powered by vBulletin
Results 1 to 6 of 6

Thread: Get a grip on unauthorize connections

  1. 10-02-2002, 02:17 PM #1
    farrokhp
    farrokhp is offline Senior Member
    Join Date
    Nov 2000
    Posts
    416
    We have Oracle 8.0.5 on NT at the moment. So we don't have logon trigger feature. I want to have an strategy that avoid some users to do anything.
    I want to :

    1- If anybody connect via system/manager send her a message and lock her connection.

    2- For specific terminal / workstations apply some restriction.

    Is it possible? How?

    An ounce of prevention is worth a pound of cure
    Reply With Quote Reply With Quote
  2. 10-02-2002, 03:04 PM #2
    stecal's Avatar
    stecal
    stecal is offline Senior Advisor
    Join Date
    May 2002
    Posts
    2,645
    1. Why not simply change the password for system so non-authorized users cannot login as system (or sys while you're at it)?

    2. So user A is "blocked" from doing certain things from workstation ABC. What prevents A from going to workstation DEF to do (or attempt it) what he/she wanted to do at ABC? You can't control workstation AND users that way. You can control users. What if you needed to do something at ABC but had blocked yourself (or anyone for that matter) from doing it (not that this feature even really exists)?
    Reply With Quote Reply With Quote
  3. 10-02-2002, 04:16 PM #3
    farrokhp
    farrokhp is offline Senior Member
    Join Date
    Nov 2000
    Posts
    416

    I can not change system/manager at the moment. So much politics and signitures require. I want to trap intrutive users. Please point out and expolain how?

    It should be a script or something to trigger that.
    An ounce of prevention is worth a pound of cure
    Reply With Quote Reply With Quote
  4. 10-02-2002, 05:26 PM #4
    stecal's Avatar
    stecal
    stecal is offline Senior Advisor
    Join Date
    May 2002
    Posts
    2,645
    System (and sys) is a privileged user. He's like the general in Stratego (sys is the field marshall). Now how is Oracle supposed to know you are an "authorized" privileged user connecting as system as opposed to an "unauthorized" privileged user connecting as system?

    Politics and signatures involved to protect system's password? Can't help you there. You have bigger problems than just Oracle database administration.

    All sessions can be captured via auditing. That should be a good starting place for you.
    Reply With Quote Reply With Quote
  5. 10-02-2002, 06:14 PM #5
    stecal's Avatar
    stecal
    stecal is offline Senior Advisor
    Join Date
    May 2002
    Posts
    2,645
    You can refuse a connection from a host via a logon trigger. With some code modification, you could write triggers that prevent DML by checking the host (as an example).

    See the article at asktom.oracle.com
    http://asktom.oracle.com/pls/ask/f?p...0_P8_DISPLAYID,F4950_P8_CRITERIA:871003242230,
    Reply With Quote Reply With Quote
  6. 10-03-2002, 02:26 AM #6
    jmodic
    jmodic is offline Super Moderator
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Originally posted by stecal
    You can refuse a connection from a host via a logon trigger.
    He specified in his original post he has 8.0.5, so no luck with logon triggers....
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Click Here to Expand Forum to Full Width