  1. #1
    Join Date
    Dec 2002
    Posts
    6

    Unanswered: block developer tools

    How can a DBA block Forms & Report Developer from client machines/users? After logon to the database/schema, the logged-on application cannot be identified from v$session, as the program & module columns remain null for Forms & Report Developer, and the same goes for Forms & Reports Runtime.

  2. #2
    Join Date
    Nov 2003
    Posts
    2,935
    Provided Answers: 12
    Quote Originally Posted by pradip_chanda View Post
    How can a DBA block Forms & Report Developer from client machines/users?
    The only way to do this properly is to give the users the correct privileges.

    After logon to the database/schema, the logged-on application cannot be identified from v$session
    Don't use v$session for this.
    The client provides the information that is shown there, so I could make my own program appear as "sqlplus.exe" or "MyWeirdname"

    Using v$session for security aspects is not going to work. Never.

  3. #3
    Join Date
    Dec 2002
    Posts
    6
    In 9.2 you can fool the system that way if you choose 'program' but not if you choose the 'module' column of v$session. But for SQL*Plus we have the option of disabling a host of commands including exec, select, update, insert, delete etc. through product_user_profile under the SYSTEM schema.

    My problem is with the applications, e.g. Oracle Forms Developer, that leave a null value in the 'program' as well as the 'module' column.

  4. #4
    Join Date
    Nov 2003
    Posts
    2,935
    Provided Answers: 12
    Quote Originally Posted by pradip_chanda View Post
    My problem is with the applications, e.g. Oracle Forms Developer, that leave a null value in the 'program' as well as the 'module' column.
    No, your problem is that you are building your security around completely unsafe information.

    If you build your security concept on that, then you don't have a security concept at all.
    Using information from v$session to restrict access is completely unsafe and unreliable. Period.

    You might be interested in this discussion:
    Ask Tom "How do i prevent end users from connecti..."
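
The privilege-based approach recommended in the replies above, shown as an added example that is not part of the original thread: data lives in a locked owner schema, writes go through a definer's-rights package, and end users hold only a narrow role, so the client tool they connect with makes no difference. All names (`app_owner`, `orders`, `order_api`, `order_clerk`, `clerk01`, tablespace `users`) and the passwords are assumptions.

```sql
-- Added example. Every schema, table, package, role, user and tablespace
-- name here is hypothetical; passwords are placeholders. Run as a DBA.

-- 1. Schema that owns the data. The account is locked: nobody logs in as it.
CREATE USER app_owner IDENTIFIED BY "Placeholder_pw_1"
  DEFAULT TABLESPACE users QUOTA UNLIMITED ON users ACCOUNT LOCK;

CREATE TABLE app_owner.orders (
  order_id  NUMBER        PRIMARY KEY,
  customer  VARCHAR2(100) NOT NULL,
  status    VARCHAR2(20)  DEFAULT 'NEW' NOT NULL
);

-- 2. Definer's-rights package: the only write path to the table.
--    It runs with app_owner's privileges, not the caller's.
CREATE OR REPLACE PACKAGE app_owner.order_api AS
  PROCEDURE set_status(p_order_id IN NUMBER, p_status IN VARCHAR2);
END order_api;
/
CREATE OR REPLACE PACKAGE BODY app_owner.order_api AS
  PROCEDURE set_status(p_order_id IN NUMBER, p_status IN VARCHAR2) IS
  BEGIN
    -- Business rule enforced in the database, whatever client is connected.
    IF p_status NOT IN ('NEW', 'SHIPPED', 'CANCELLED') THEN
      RAISE_APPLICATION_ERROR(-20001, 'invalid status');
    END IF;
    UPDATE app_owner.orders SET status = p_status WHERE order_id = p_order_id;
  END set_status;
END order_api;
/

-- 3. Role carrying only what the application needs: read, plus the API.
CREATE ROLE order_clerk;
GRANT SELECT  ON app_owner.orders    TO order_clerk;
GRANT EXECUTE ON app_owner.order_api TO order_clerk;

-- 4. End user: may connect and use the role. No direct DML, no CREATE privileges.
CREATE USER clerk01 IDENTIFIED BY "Placeholder_pw_2";
GRANT CREATE SESSION TO clerk01;
GRANT order_clerk    TO clerk01;

-- 5. Review query: direct write grants on the owner schema that bypass the API.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'APP_OWNER'
AND    privilege IN ('INSERT', 'UPDATE', 'DELETE')
ORDER  BY grantee, table_name;
```

With this layout the review query in step 5 returns no rows, and `clerk01` issuing `UPDATE app_owner.orders ...` directly fails with ORA-01031 (insufficient privileges) from any client.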

  5. #5
    Join Date
    Dec 2002
    Posts
    6
    Yeah. I have seen that & a number of such threads from 'Ask Tom'. But I have not gone through FGAC. Can you suggest how to address my security concerns (specifics) through FGAC?
