In this case I think a login trigger is in order.Create a login trigger that will allow login only from specific machines and only from the application program.
I know, this will not stop a user who know that he can copy sqlplus.exe to the application program name, but this will stop most regular users.
Adar Yechiel Rechovot, Israel Blanchard, William wrote:
"I not sure that you have stated what you are trying to achieve here" Good question ;-). It's Friday and I need a beer ;-). We have remote_os_authent set to true so that the application -- on a different server -- can authenticate the users once they have logged into the application (an SSO of sorts). I guess what I'm really looking for is the "best practice" to secure the database given the constraints of having the OPS$ accounts. I don't mind if the users can get into the database via the application, the issue is that this also means they can log into the db using sqlplus, etc.WGB