I think you can use login trigger to reject all login that does not come
with program = 'COLD FUSION' (or whatever the program name is for this
product).
You can also allow login from any program to specific user, i.e. DBA.
As for using an application user instead of individual users, we are
doing it from the start.
The problem is that someone needs to know the password and he can do
whatever he wants to the data.
We are going to go with Oracle Advance Security, with enterprise users,
linked to MS AD, so the users will login with their own userid and
password and will have the same access to the data, no matter what toll
they use.
Adar Yechiel Rechovot, Israel
Vanessa A. Simmons wrote:
We are considering a change to the way our users access the database and our applications. We would like to make sure that users are getting to the data through the applications only and not using external tools (i.e. SQL*Plus) to access the database directly with the hopes that this will help us to further secure our databases.
-- //www.freelists.org/webpage/oracle-l
