RE: Using TOAD on production databases
- From: "Mercadante, Thomas F" <thomas.mercadante@xxxxxxxxxxxxxxxxx>
- To: "'oracle-l@xxxxxxxxxxxxx'" <oracle-l@xxxxxxxxxxxxx>
- Date: Tue, 17 Aug 2004 14:59:25 -0400
Rich,
Why in the world go through all of this?
Why not do it the right way?
Why not use Oracle security as it is designed - do not grant any more access
than a person needs.
I'll bet you a $100. Go ahead and set up security based on denial of access
from Toad. Give me an Oracle account with full access to the database. And
I'll be selling your database's data on e-bay in about 10 minutes.
It is simply foolish to attempt to apply security policy on an Oracle
database based on the tool that a person connects with. Foolish and a waste
of time.
Hope this helps.
Tom Mercadante
Oracle Certified Professional
-----Original Message-----
From: Jesse, Rich [mailto:Rich.Jesse@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 17, 2004 2:52 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: Using TOAD on production databases
Quick thought: Install TOAD on network-only as read-only, then use a logon
trigger on production to deny all other versions of TOAD, which now can be
done by checking the MODULE column of V$SESSION. There are probably holes
there, but it's just a quick thought. Now back to hacking 9.2.0.1 client to
actually install (again)...
Rich
-----Original Message-----
Sent: Monday, August 16, 2004 6:03 PM
Subject: Re: Using TOAD on production databases
The production issue is one of the main reasons we developed our freeware
tool SchemaSurf (the other requirement being web-based). Although it
doesn't claim anywhere near-like the industrial strength that Toad has, it
does provide developers with read-only access to production data/models.
TOAD is a great tool, but with Sarbanes-Oxley, it's critical that
appropriate procedures are in place (so we can all go break them!)
SchemaSurf has been installed in more than 50 countries, and we had numerous
folks at OAUG shows etc tell us that they use TOAD for dev/test and
SchemaSurf for prod. Made their management very happy .... and DBA's were
able to control access via tns/name servers etc. since SchemaSurf doesn't
use SQL*Net/Net8.
It's at http://www.cobblesoft.com/schemasurf/ for anyone interested.
Regards,
Richard J Stevenson
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx put
'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@xxxxxxxxxxxxx
put 'unsubscribe' in the subject line.
--
Archives are at //www.freelists.org/archives/oracle-l/
FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Other related posts:
