How about check v$session.module instead of program? It's much harder to hack that, especially on recent versions of Toad. This question was asked before. See http://groups.google.com/group/comp.databases.oracle.server/browse_frm/thread/6eedd341d44157be Not directly related. I've looked into the toad.exe before. See http://yong321.freeshell.org/oranotes/ToadAndAlternatives.html Sql*Plus is of course easy to stop. Yong Huang > Subject: RE: Prevent connections for some users through SQL*Plus, TOAD > Date: Mon, 2 Jun 2008 14:14:04 +0100 > From: "John Hallas" <john.hallas@xxxxxxxxxx> > > If you search the archives for logon trigger and TOAD you will see quite > a few examples of useful code. > > The biggest problem is that there is nothing stop a user renaming > toad.exe to fred.exe which bypasses the trigger. > > I have sent a e-mail with a post that is in my archives which provides > some good. > > John > www.jhdba.wordpress.com -- //www.freelists.org/webpage/oracle-l