2007/12/05

TRIGGER LOGON ON DATABASE

NOTE: DBA and SYSDBA sessions bypass all logon triggers.

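CREATE OR REPLACE TRIGGER LOGON_DB_TRIGGER
AFTER LOGON ON DATABASE
BEGIN
  -- Look up the row for the session that is logging on.
  FOR rec IN (SELECT username, program,
                     SYS_CONTEXT('USERENV','IP_ADDRESS') ip
                FROM v$session
               WHERE audsid = USERENV('sessionid')) LOOP
    -- HR connecting from the one approved address may use the listed client tools.
    -- v$session.program is reported by the client, so it is not a trustworthy value.
    IF rec.ip = 'xxx.xxx.xxx.xxx' AND rec.username = 'HR'
       AND UPPER(rec.program) IN ('MSACCESS.EXE','SQLPLUSW.EXE','JREW.EXE','MSEXCEL.EXE')
    THEN
      EXIT;
    -- Any other session that reports one of these tools is rejected.
    ELSIF UPPER(rec.program) IN ('MSACCESS.EXE','SQLPLUSW.EXE','JREW.EXE','MSEXCEL.EXE') THEN
      raise_application_error(-20001,'Access Deny');
    END IF;
  END LOOP;
END;
/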

http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html
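
The note above says DBA and SYSDBA sessions bypass logon triggers. The queries below are an added example, not part of the original post, listing the accounts this trigger will not stop. They assume the bypass comes from the ADMINISTER DATABASE TRIGGER system privilege (which the DBA role holds) and that you can read the DBA_* dictionary views and V$PWFILE_USERS.

```sql
-- Added example (not from the original post).
-- Assumption: a login is not blocked by an exception raised in an AFTER LOGON
-- trigger when the account holds ADMINISTER DATABASE TRIGGER, directly or via roles.
WITH priv_holders AS (
  -- Users and roles granted the privilege directly.
  SELECT grantee
    FROM dba_sys_privs
   WHERE privilege = 'ADMINISTER DATABASE TRIGGER'
),
via_roles AS (
  -- Walk role grants outward from every role that holds the privilege,
  -- so nested roles (role granted to role granted to user) are resolved.
  SELECT grantee
    FROM dba_role_privs
   START WITH granted_role IN (SELECT grantee FROM priv_holders)
 CONNECT BY PRIOR grantee = granted_role
)
SELECT u.username, u.account_status
  FROM dba_users u
 WHERE u.username IN (SELECT grantee FROM priv_holders
                      UNION
                      SELECT grantee FROM via_roles)
 ORDER BY u.username;

-- Accounts in the password file that can connect AS SYSDBA.
-- OS-authenticated SYSDBA access (members of the OSDBA group) is not listed here.
SELECT username
  FROM v$pwfile_users
 WHERE sysdba = 'TRUE';
```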
