Re: Replacing OPS$ accounts
- From: Yechiel Adar <adar666@xxxxxxxxxxxx>
- Date: Sun, 13 Jun 2010 10:19:54 +0300
In this case I think a login trigger is in order.
Create a login trigger that will allow login only from specific machines
and only from the application program.
I know, this will not stop a user who knows that he can copy sqlplus.exe
to the application program name, but this will stop most regular users.
Adar Yechiel
Rechovot, Israel
Blanchard, William wrote:
"I'm not sure that you have stated what you are trying to achieve here"
Good question ;-). It's Friday and I need a beer ;-).
We have remote_os_authent set to true so that the application -- on a
different server -- can authenticate the users once they have logged
into the application (an SSO of sorts). I guess what I'm really
looking for is the "best practice" to secure the database given the
constraints of having the OPS$ accounts. I don't mind if the users
can get into the database via the application, the issue is that this
also means they can log into the db using sqlplus, etc.
WGB
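
The login trigger suggested in the reply above, written out as an added example (not code from the thread). The schema SEC_ADMIN, the table OPS_LOGIN_ALLOW, the host APPSRV01 and the program name appserver.exe are hypothetical, and the default OPS$ prefix is assumed.

```sql
-- Added example, not from the thread. Hypothetical names: schema SEC_ADMIN,
-- table OPS_LOGIN_ALLOW, host APPSRV01, program appserver.exe.
-- Assumes SEC_ADMIN holds a direct grant: GRANT SELECT ON sys.v_$session TO sec_admin;

CREATE TABLE sec_admin.ops_login_allow (
  machine VARCHAR2(256) NOT NULL,  -- client host, as SYS_CONTEXT('USERENV','HOST') reports it
  program VARCHAR2(128) NOT NULL   -- client executable, as V$SESSION.PROGRAM reports it
);

INSERT INTO sec_admin.ops_login_allow (machine, program)
VALUES ('APPSRV01', 'appserver.exe');   -- constructed sample row
COMMIT;

CREATE OR REPLACE TRIGGER sec_admin.trg_ops_logon_guard
AFTER LOGON ON DATABASE
DECLARE
  v_user    VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_host    VARCHAR2(256) := SYS_CONTEXT('USERENV', 'HOST');
  v_program VARCHAR2(128);
  v_allowed PLS_INTEGER;
BEGIN
  -- Only the OS-authenticated accounts are restricted; other logins pass through.
  IF v_user NOT LIKE 'OPS$%' THEN
    RETURN;
  END IF;

  -- Read the client program name from this session's V$SESSION row.
  SELECT program
    INTO v_program
    FROM v$session
   WHERE sid = TO_NUMBER(SYS_CONTEXT('USERENV', 'SID'));

  SELECT COUNT(*)
    INTO v_allowed
    FROM sec_admin.ops_login_allow a
   WHERE UPPER(a.machine) = UPPER(v_host)
     AND UPPER(a.program) = UPPER(v_program);

  -- An unhandled error in an AFTER LOGON trigger rejects the session, except
  -- for users holding ADMINISTER DATABASE TRIGGER (DBAs), who still get in.
  IF v_allowed = 0 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'OPS$ logins are accepted only from the application server');
  END IF;
END;
/
```

Windows clients may report the host with a domain prefix, so fill the allow-list from the values recorded for real application logins and test the trigger with a non-DBA account before relying on it.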