Comments on: Restrict network access to listener

by: laurentschneider

Fri, 30 Mar 2007 10:41:46 +0000

you could create a logon trigger to check this,

create trigger NOTOAD after logon on database begin
if (sys_context('userenv','module')='TOAD') then 
raise_application_error(-20001,'Please no toad yet, try again later');
end;
/

and enable this trigger during peak hours

Do you want that

by: laurentschneider

Fri, 30 Mar 2007 09:01:18 +0000

no, you cannot check the application used with a sqlnet.ora setting

by: Bhavesh Marolia

Fri, 30 Mar 2007 08:23:23 +0000

Hi,
Is there any way that we can restrict access to particular .exe ’s like TOAD.exe , or PLSQLDEV.exe. This are being used by the users to fire huge select query’s during peak hours.
Can we restrict such exe’s so, if yes than how can this be done.
Thanks,

by: laurentschneider

Sat, 09 Dec 2006 15:41:14 +0000

well, a db user is identified by the db , so it has to connect thru the listener before being authentifcated

by: olivier

Sat, 09 Dec 2006 10:18:41 +0000

hello,

in the same idea i was wondering if it possible to restrict access to listener not for db clients but for db users?
i mean user scott can only connect to port 1520?

thanks

by: Laurent Schneider

Thu, 23 Nov 2006 22:59:00 +0000

yes, one application server, one enterprise manager grid control, one database server is fine. More is headache.

Since it is in sqlnet.ora, a single client addition means restarting all the listeners from that oracle home (no reload of course)

Exclude_node also exists, for example to prevent some ugly developer to use toad

by: Marco Gralike

Thu, 23 Nov 2006 21:35:00 +0000

It could have been a great feature.

Its great, if you want to delimit database access only to, for instance, your application server.

It would have been even greater, if you could use wild cards like 10.10.10.*, but alas, you can’t.

by: Laurent Schneider

Thu, 23 Nov 2006 05:36:00 +0000

ocm maybe

by: Vidya Balasubramanian

Thu, 23 Nov 2006 03:08:00 +0000

Laurent,
TCP/IP node checking works welll if we have a small list. The last time when I implemented node checking , I had a huge list of AP addresses and eventually it became quite a headache to maintain this list and to keep track of who had access to which database? —>is there a better way we can do this assuming we have a huge list.