Checking Module to Prevent SQL Plus usage on Database
I have a question regarding logon triggers checking against SYS_CONTEXT('USERENV', 'MODULE'). I created a logon trigger that looks for SYS_CONTEXT('USERENV', 'MODULE') = 'SQLPLUS.EXE'
and if it matches then it only allows specified users to log in to the database. This code works but I am confused as to why when I check SYS_CONTEXT('USERENV', 'MODULE') after I login in
shows SQL*Plus which clearly does not match my IF statement in my logon trigger.
Second issue. If I rename sqlplus.exe to jeff.exe and run it I am abled to log in to the database as a non DBA user. But the module still shows as SQL*Plus. Why is this?
Database Version: 11.2.0.2 64bit
OS: Windows Server 2003 R2
Client: 11.2.0.1
/*********************Create Trigger******************************/
CREATE OR REPLACE TRIGGER application_check_al
after logon ON database
DECLARE
l_username VARCHAR2(20);
l_module VARCHAR2(20);
BEGIN
l_username := SYS_CONTEXT('USERENV', 'SESSION_USER');
l_module := UPPER(SYS_CONTEXT('USERENV', 'MODULE'));
IF l_module LIKE 'SQLPLUS.EXE' AND
l_username NOT IN ('SYS', 'SYSTEM', 'DVOWNER', 'DVMGR') THEN
raise_application_error(-20001, 'SQLPLUS ACCESS RESTRICTED FOR NON DBA USERS');
END IF;
END application_check_al;
/*********************Run SQLPLUS******************************/
SQL*Plus: Release 11.2.0.1.0 Production on Wed Mar 7 12:22:23 2012
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Enter user-name: jeffc@dev
Enter password:
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: SQLPLUS ACCESS RESTRICTED FOR NON DBA USERS
ORA-06512: at line 10
Enter user-name: system@dev
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
With the Partitioning, OLAP, Data Mining, Oracle Database Vault
and Real Application Testing options
system@dev> select sys_context('USERENV','MODULE') from dual;
SYS_CONTEXT('USERENV','MODULE')
SQL*Plus
SQL>
jeff81 wrote:
That doesn't make sense. Why am I able to log in when I renamed the exe? And why does the module still show as SQL*Plus?You are right - it does not make sense. The idea that Oracle might perhaps set module to SQLPLUS.EXE on executable start, and then re set from SQLPLUS.EXE to SQL*Plus after connect, or in glogin.sql, to ensure it is consistent across all operating system never crossed my mind.
You might want to refer to Support Note "SQL*Plus Session/Module is Not Showing in V$SESSION" [ID 1312340.1] to see whether anything in there helps. I'm pretty sure http://docs.oracle.com/cd/E11882_01/server.112/e16604/ch_twelve040.htm#i2698573 doesn't help much, though.
I'd certainly be raising it with Support as a potential security challenge, to get that potential hole closed.
Edited by: Hans Forbrich on Mar 7, 2012 2:23 PM
I wonder whether Oracle put that capability in there - if an untained SQLPLUS.EXE, it tells you that it is SQLPLUS.EXE, but if renamed it tells you 'SQL*Plus'? Specuklation, but it is one thing I might do to subtly raise the flag. Best bet - ask Support.
Edited by: Hans Forbrich on Mar 7, 2012 2:29 PM
Similar Messages
-
Problem in starting SQL*PLUS in oracle database 10g
Hi
Well I am facing one problem while starting SQL*PLUS in oracle database 10g
ERROR - "Procedure entry point longjmp could not be located in dynamic link library orauts.dll"
This has happened when I installed Oracle Database 11g on same machine and when I deinstalled Oracle 11g then SQL*PLUS is started...no error came
Can anybody tell me the reason please...hi
pls im having the same problem but in my own case i installed oracle apex using 11g.
im env variable is:
C:\Oracle\product\10.1.0\Client_1\bin;C:\Oracle\product\10.1.0\Client_1\jre\1.4.2\bin\client;C:\Oracle\product\10.1.0\Client_1\jre\1.4.2\bin;C:\app\Xty\product\11.2.0\dbhome_1\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\
pls which is my apex_home so i can interchange it?
i also have oracle 10g client installed -
Limitation in using sql *plus as a database for applications
dear experts;
I would like to know all, what are some of the major limitations in using sql*plus as your database in designing application besides the fact the user-interface is not friendly enough..and google is not producing relevant answers to my questions by the way unfortunatelyuser13328581 wrote:
I know about the drivers, I just need an IDE very similar to PL/SQL developer that will give me an opportunity to create the tables and their relationships and perform other DDL tasks that is why initially i was just wondering whether it is okay to utilize sql*plus for all that...SQLPlus can process any valid sql statement. Actually, it will pass anything that is not a sqlplus command to the database to be processed. The database will process any valid sql statement and pass the result back to the client to do with as the client sees fit - the client being sqlplus in this case.
Which is exactly what SQL Developer does. You say you want something "very similar to PL/SQL developer ". Why not SQL Developer itself?
It sounds like you continue to confuse the database with the client application. ("what are some of the major limitations in using sql*plus as your database ...", "I need an oracle database which can be integrated with visual studio ")
The database has no user interface at all. It accepts connection requests from clients, processes sql statements (or pl/sql blocks) passed from those clients and returns results to those clients. Those clients could be sqlplus, SQL Developer, Toad, Visual Basic, Access, Excel, or any number of other products -- all connecting to the same database at the same time, to do whatever they are programmed to do. You want to develop an app in visual studio? Be my guest. You want to use SQL Developer to create the tables, etc, needed by the app? Go right ahead. They are not mutually exclusive. You want to use sqlplus as well? Go ahead, it's the same database, just a different client app. -
Access database issue in SQL Plus
Hi Friends,
I download a oracle 10g to install sql Plus without create database. (I download client and does not find SQL Plus)
I can ping database server from client PC and also set up a TNS.
However I got a error ORA 12504 --TNS:listener was not start.
I can access database by sql plua from server side. I do not think we need to put a listener file in client PC under admin path.
my database set as RAC module and system as window 2003
how to fix this issue?
Thanks,
JImOK, just to be clear, you have a single client machine where you have installed something with the 10g label. Are you saying that you installed the Oracle database bits, but did not create a database? Rather than doing a client-only install? Is there a single Oracle home on the client machine?
And then you have a RAC database running on multiple Windows 2003 servers, right? Is there a listener running for this RAC database? Can you connect to it from other client machines?
Are you certain that the service name you specified in the client machine's tnsnames.ora file matches the service the listener is listening for?
Justin -
URGENT - cannot log in to SQL Plus on Oracle 8i
Hi, I have Oracle 8i (8.1.6.0.0) installed on windows 98.
I want to use the SQL Plus module, but I have trouble to login SQL plus, and I an get error message:
ORA-12560: TNS:Protocol adapter error
I supposed the default username and password as follows:
SYS/CHANGE_ON_INSTALL
SYSTEM/MANAGER
SCOTT/TIGER
Am I using the correct version or edition (which I also don't know which edition)? Does windows 98 supports SQL Plus?
I was told to set up a database by selecting database administration then follow by database configuration assistant (in order to use the SQL Plus, firstly a database have to set up). I'm not sure whether this is true? but inside the database administration I don't have the so call "database configuration assistant". Can someone please help me?
Thanks a lot in advance!I hope you can help, I'm in the same boat as the others who cannot log on to the SQL* using Oracle Personal Edition 8
I'm running on 98, and everytime I try entering SYS as username & CHANGE_ON_INSTALL as password, or SYSTEM as username & MANAGER as password; I get:
ORA-01034: ORACLE not available
ORA-27101: Shared memory realm does not exist
I've been trying for a number of days, and have created databases using the Database config assistant, and everytime, it gives me the details as SYS CHANGE_ON_INSTALL etc, but it still doesn't let me log into SQL*
Any help would be gratefully received,
Patrick -
Restricting the user to operate DML's from SQL PLUS Environment
how to Restrict the user to operate DML statements from SQL PLUS Environment.
Once you restrict SCOTT user to not be able to do an INSERT command, the SQL*Plus returns an error for user SCOTT when he tries to execute an INSERT statement.
Note however, that this is enforced by SQL*Plus, not the database!
Look into the use of product_user_profile from Oracle documentation for more information.
SQL> insert into product_user_profile values('SQL*Plus', 'SCOTT', 'INSERT', NULL, NULL, 'DISABLED', NULL, NULL) ;
1 row created.
SQL> commit ;
Commit complete.
SQL> disconnect
Disconnected from Oracle9i Enterprise Edition Release 9.2.0.3.0 - Production
With the Partitioning, OLAP and Oracle Data Mining options
JServer Release 9.2.0.3.0 - Production
SQL>
SQL> connect scott
Enter password:
Connected.
SQL>
SQL> insert into emp select * from emp ;
SP2-0544: invalid command: insert
SQL>
SQL> -
If you are running Personal Oracle, you do not need to give host
string to log in SQL Plus. However, database should be started
up first.
In order to run SQL Plus on a client workstation in client-
server environment, you should create a host string using Net
Easy Configuration. If you have created 'ORACLE' as the host
string, it is OK. You will also have to start a listener.sorry I was trying to reply to a post I read and had this
happen. Please ignore this. -
Official link to download sql*plus (linux) for 10g database
Good Morning to all ;
Can anyone provide official link to download sql*plus for 10g database ?
I am using Virtual machine version 7. I want to configure SQL*Plus utility in my virtual machine ..
Please provide any official link or torrent link. It's for our learning purpose.
Thanks in advance ..
OS : REDHAT5, OEL 5
VMWARE : Version 7
Product : 10g R2Hello ;
I can't be enable SQL* Plus in my VMWARE.
*$ unzip instantclient-sqlplus-linuxppc32-10.2.0.1-20051121.zip*
Archive: instantclient-sqlplus-linuxppc32-10.2.0.1-20051121.zip
inflating: instantclient_10_2/glogin.sql
inflating: instantclient_10_2/libsqlplus.so
inflating: instantclient_10_2/libsqlplusic.so
inflating: instantclient_10_2/sqlplus
*[oracle@rhel5 SHARE]$ cd instantclient_10_2/*
[oracle@rhel5 instantclient_10_2]$ ls -l
total 1135
-r-xr-xr-x 1 root root 1525 Nov 12 2005 glogin.sql
-rwxrwxrwx 1 root root 1445591 Nov 12 2005 libsqlplusic.so
-rwxrwxrwx 1 root root 857299 Nov 12 2005 libsqlplus.so
-rwxrwxrwx 1 root root 18391 Nov 12 2005 sqlplus
*./sqlplus*
bash: ./sqlplus: cannot execute binary file
Please provide me the steps to continue .. -
SQL*PLUS를 사용하여 SQL SCRIPT를 동적으로 생성, 수행
제품 : SQL*PLUS
작성날짜 : 2003-05-29
이 Documents 는 SQL 과 SQL*PLUS를 동적으로 생성하고 수행하는 방법을
소개하고 있다. 이를 위해 자주 사용하는 3가지 사용 예를 소개한다.
이 Document는 다음과 같이 구성되어져 있다.
1. CREATING A DYNAMIC DROP TABLE SCRIPT
2. CREATING A DYNAMIC GRANT PRIVILEGES SCRIPT
3. CREATING A DYNAMIC SCRIPT TO SET SQL PROMPT TO DATABASE NAME
1. CREATING A DYNAMIC DROP TABLE SCRIPT
개발 과정 중 우리는 Table을 Drop하고 Original Data를 Import하는 작업을
빈번하게 수행하는데, 이 때 개개의 Drop 문을 사용하지 않고
SET_UP_DROP.SQL 이라 불리우는 다음의 Script를 사용한다.
set heading off
set feedback off
spool drop_all.sql
select 'drop table'||table_name||';'from user_tables;
spool off
set feedback on
start drop_all.sql
DROP_ALL.SQL script 는 다음과 같다.
drop table DEPT;
drop table BONUS;
drop table SALGRADE;
drop table DUMMY;
drop table CUSTOMER;
drop table ORD;
drop table ITEM;
drop table PRODUCT;
drop table PRICE;
2. CREATING A DYNAMIC GRANT PRIVILEGES SCRIPT
자신의 모든 Table 을 다른 사람에게 SELECT 권한을 부여하고자 할 때 다음
의 SET_UP_GRANT.SQL 을 이용하면 빠르고 손쉽게 해결할 수 있다.
set heading off
set feedback off
spool grant_all.sql
select 'grant select on'||table_name||'to SCOTT;'from user_tables;
spool off
set feedback on
start grant_all.sql
GRANT_ALL.SQL 의 script 는 다음과 같다.
grant select on DEPT to SCOTT;
grant select on BONUS to SCOTT;
grant select on SALGRADE to SCOTT;
grant select on DUMMY to SCOTT;
grant select on CUSTOMER to SCOTT;
grant select on ORD to SCOTT;
grant select on ITEM to SCOTT;
grant select on PRODUCT to SCOTT;
grant select on PRICE to SCOTT;
3. CREATING A DYNAMIC SCRIPT TO SET SQL PROMPT TO DATABASE NAME
위의 개념들을 보다 더 잘 사용하기 위해서는 SQL Prompt를 자신의
Database로 변환해주는 SET_UP_PROMPT.SQL Script를 login.sql File 에
추가시켜 자동적으로 SQL*PLUS를 불러 올 수 있게 한다.
이는 Multiple Databases에 유용하다.
set termout off
set heading off
set feedback off
spool set_prompt.sql
select 'set sqlprompt'||value||'>"from v$parameter
where name='db_name';
spool off
start set_prompt.sql
SET_PROMPT.SQL 은 다음과 같다.
set sqlprompt V734>
V$PARAMETER 는 Dynamic Performance Table 의 View 이다. Install 후 SYS
user만이 Dynamic Performance Table을 수행할 수 있으므로 위의 Script를
사용하기 위해 View를 Create 하거나 User에게 Access 권한을 부여하여야
한다.
Reference Documents
<Note:17387.1> -
SQL Program better than SQL*Plus
Hello
Do you know any program better than SQL*Plus for Oracle Database?
I also know TOAD and SQL Navigator, is there any other
If yes where can I download it ?
Thanks in advance.Hi Kurt.
RoboSource Control to my knowledge hasn't been developed in recent releases. It is essentially the same product that existed years ago. It works, but does not have a lot of users. Most people, including myself, prefer to use third party products such as Perforce, SVN.
As RoboSource Control is an old product and isn't widely used, I doubt whether anyone has tried using it on SQL Server Express 2012. That is not to say it won't work on it though. -
SQL * Plus - forward slash usage
I have package spec and body in separate files, i have 2 packages, so i have 4 files in total.
I want to install the 2 packages using "SQL * Plus", but how the install-script should look like. I don't understand how and where to use "sql * plus" command "forward-slash" "/".
Should it be like this:
spec_file_1
body_file_1
spec_file_1
body_file_1
Or how the "/" should be used? Only ones at the end? I don't understand.You can write a single file this way:
create or replace package a is
end;
create or replace package body a is
end;
create or replace package b is
end;
create or replace package body b is
end;
/And then run it in sqlplus this way:
SQL >@a.sqlor multiple files this way:
create or replace package a is
end;
create or replace package body a is
end;
create or replace package b is
end;
create or replace package body b is
end;
/And then run them in sqlplus this way:
SQL >@a.sql
SQL >@b.sql
SQL >@c.sql
SQL >@d.sqlOr write a file e that runs a,b,c,d this way:
@a.sql
@b.sql
@c.sql
@d.sqlAnd then run it in sqlplus this way:
SQL >@e.sqlIn the previous examples the slash is always at the end of each CREATE...END;
This is not compulsory. In the last example you could remove the slashes from the files a,b,c,d and write the file e this way:
@a.sql
@b.sql
@c.sql
@d.sql
/This works anyway.
Max
[My Italian Oracle blog|http://oracleitalia.wordpress.com/2010/01/23/la-forza-del-foglio-di-calcolo-in-una-query-la-clausola-model/]
Edited by: Massimo Ruocchio on Jan 26, 2010 9:20 AM
typos -
SQL*Plus and NLS_DATE_FORMAT
So, I haven't visited this topic in a long time, so I'm trying to refresh my memory on how everything works ...
We set our NLS_DATE_FORMAT at the system level ... what ... 4 years ago to 'MM/DD/RR'. Despite the fact that I set this to something more commonly-used than the default of 'DD-Mon-RR', we've adopted the standard of always using TO_DATE() with an explicit format, just in case it's ever changed.
There were some applications that missed the standard, and now that a driver (for ColdFusion) has been updated, these SQL statements are now failing.
When I started looking into it, I realized that the system-level default of 'MM/DD/RR' should work fine. But, after experimenting in SQL*Plus and TOAD, I am thinking that either:
1) the system-level format is not being used
2) and/or there are login scripts which are setting these to something else
Coincidentally, both SQL*Plus and TOAD return the exact same query results:
SQL> select *
from NLS_INSTANCE_PARAMETERS
where parameter = 'NLS_DATE_FORMAT';
PARAMETER VALUE
NLS_DATE_FORMAT MM/DD/RR
SQL> select *
from NLS_SESSION_PARAMETERS
where parameter = 'NLS_DATE_FORMAT';
PARAMETER VALUE
NLS_DATE_FORMAT DD-MON-RRSo I looked into the glogin.sql script (which both tools share), and there's nothing mentioned about the NLS_DATE_FORMAT
-- Copyright (c) 1988, 2003, Oracle Corporation.
-- All Rights Reserved.
-- NAME
-- glogin.sql
-- DESCRIPTION
-- SQL*Plus global login "site profile" file
-- Add any SQL*Plus commands here that are to
-- be executed when a user starts SQL*Plus, or
-- uses the SQL*Plus CONNECT command
-- USAGE
-- This script is automatically run
-- Used by Trusted Oracle
COLUMN ROWLABEL FORMAT A15
-- Used for the SHOW ERRORS command
COLUMN LINE/COL FORMAT A8
COLUMN ERROR FORMAT A65 WORD_WRAPPED
-- Used for the SHOW SGA command
COLUMN name_col_plus_show_sga FORMAT a24
COLUMN units_col_plus_show_sga FORMAT a15
-- Defaults for SHOW PARAMETERS
COLUMN name_col_plus_show_param FORMAT a36 HEADING NAME
COLUMN value_col_plus_show_param FORMAT a30 HEADING VALUE
-- Defaults for SHOW RECYCLEBIN
COLUMN origname_plus_show_recyc FORMAT a16 HEADING 'ORIGINAL NAME'
COLUMN objectname_plus_show_recyc FORMAT a30 HEADING 'RECYCLEBIN NAME'
COLUMN objtype_plus_show_recyc FORMAT a12 HEADING 'OBJECT TYPE'
COLUMN droptime_plus_show_recyc FORMAT a19 HEADING 'DROP TIME'
-- Defaults for SET AUTOTRACE EXPLAIN report
COLUMN id_plus_exp FORMAT 990 HEADING i
COLUMN parent_id_plus_exp FORMAT 990 HEADING p
COLUMN plan_plus_exp FORMAT a60
COLUMN object_node_plus_exp FORMAT a8
COLUMN other_tag_plus_exp FORMAT a29
COLUMN other_plus_exp FORMAT a44
-- Used to alter the TOAD environment so that users do not have to
-- use the SET DEFINE OFF command prior to compiling code
-- Charles Forbes 10.17.2005
SET scan offIf I expressly go into either tool and execute, the following, setting the format to that already delcared at the system-level:
alter session set nls_date_format = 'MM/DD/RR'Then these SQL statements start running just fine again.
There's something that I'm missing in my basic understanding of how this works. I assumed that the driver update for ColdFusion perhaps enabled a different "glogin.sql"-type script equivalent for that tool ... until ... I started checking into how the NLS_DATE_FORMAT is supposed to work ... but isn't. Could someone help me clarify where the hole is in my understanding?
Thanks,
Chuckchuckers wrote:
What's the difference, then, between NLS_SESSION_PARAMETERS and NLS_INSTANCE_PARAMETERS in my initial post? The glogin.sql script isn't altering the NLS_DATE_FORMAT for the desktop version of SQL*Plus, so I'm perplexed that the SESSION format differs from the INSTANCE format.NLS_SESSION_PARAMETERS are the NLS parameters that are in force for your particular session (i.e. the particular connection you have). Most client applications cause things like NLS_DATE_FORMAT to be set, overriding the NLS_INSTANCE_PARAMETERS. Instance-level NLS settings are most commonly used only for purely back-end processing (i.e. background jobs scheduled via DBMS_JOB or DBMS_SCHEDULER, etc.) 9 times out of 10, the client application is going to override the instance-level paramters.
I even opened SQL Developer, and got
select * from nls_session_parameters where parameter = 'NLS_DATE_FORMAT';
PARAMETER VALUE
NLS_DATE_FORMAT DD-MON-RR
1 rows selected
select * from nls_instance_parameters where parameter = 'NLS_DATE_FORMAT'
PARAMETER VALUE
NLS_DATE_FORMAT MM/DD/RR
1 rows selected
That's not unexpected. Java applications are going to use the Java regional properties at least to specify a date format. SQL Developer has a config option for the date format, so it may well be specifying a different format.
They're all 3 (Toad, SQL*Plus, TOAD) so suspiciously consistent, that I'm questioning some of the fundamentals of the NLS setup.
I went ahead and looked via SQL*Plus from the server-side, & things are looking more consistently in-line with my expectations:
[oracle@dvsrvr13 ~]$ sqlplus forbesc@d13
SQL*Plus: Release 10.1.0.4.0 - Production on Thu Mar 19 12:44:57 2009
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> select * from nls_session_parameters where parameter = 'NLS_DATE_FORMAT';
PARAMETER VALUE
NLS_DATE_FORMAT MM/DD/RR
SQL> select * from nls_instance_parameters where parameter = 'NLS_DATE_FORMAT';
PARAMETER VALUE
NLS_DATE_FORMAT MM/DD/RR
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
[oracle@dvsrvr13 ~]$ locate glogin.sql
/u01/app/oracle/product/10.1.0/db_1/sqlplus/admin/glogin.sql
[oracle@dvsrvr13 ~]$ more /u01/app/oracle/product/10.1.0/db_1/sqlplus/admin/glogin.sql
-- Copyright (c) 1988, 2003, Oracle Corporation. All Rights Reserved.
-- NAME
-- glogin.sql
-- DESCRIPTION
-- SQL*Plus global login "site profile" file
-- Add any SQL*Plus commands here that are to be executed when a
-- user starts SQL*Plus, or uses the SQL*Plus CONNECT command
-- USAGE
-- This script is automatically run
-- Used by Trusted Oracle
COLUMN ROWLABEL FORMAT A15
-- Used for the SHOW ERRORS command
COLUMN LINE/COL FORMAT A8
COLUMN ERROR FORMAT A65 WORD_WRAPPED
-- Used for the SHOW SGA command
COLUMN name_col_plus_show_sga FORMAT a24
COLUMN units_col_plus_show_sga FORMAT a15
-- Defaults for SHOW PARAMETERS
COLUMN name_col_plus_show_param FORMAT a36 HEADING NAME
COLUMN value_col_plus_show_param FORMAT a30 HEADING VALUE
-- Defaults for SHOW RECYCLEBIN
COLUMN origname_plus_show_recyc FORMAT a16 HEADING 'ORIGINAL NAME'
COLUMN objectname_plus_show_recyc FORMAT a30 HEADING 'RECYCLEBIN NAME'
COLUMN objtype_plus_show_recyc FORMAT a12 HEADING 'OBJECT TYPE'
COLUMN droptime_plus_show_recyc FORMAT a19 HEADING 'DROP TIME'
-- Defaults for SET AUTOTRACE EXPLAIN report
COLUMN id_plus_exp FORMAT 990 HEADING i
COLUMN parent_id_plus_exp FORMAT 990 HEADING p
COLUMN plan_plus_exp FORMAT a60
COLUMN object_node_plus_exp FORMAT a8
COLUMN other_tag_plus_exp FORMAT a29
COLUMN other_plus_exp FORMAT a44
[oracle@dvsrvr13 ~]$ So in all, I'm just perplexed by the differences.
--=cfI'm not surprised that SQL*Plus from the Unix database server is going to have session-level settings that match the instance-level settings because there is probably nothing set in the Unix environment that would override the instance-level settings. There is probably no NLS_LANG or NLS_DATE_FORMAT set as environment variables and probably no central place to look for regional settings. Most applications, particularly Windows and Java apps, are going to have multiple places to look for that sort of information.
Justin -
Hi everybody,
I want to prevent the users from logging into sqlplus, the only way they can log into my database is through forms developer.
So how can I do that?
Database I am using is 7.3.2.
I could not execute *CREATE OR REPLACE TRIGGER trigger_name
AFTER LOGON ON DATABASE* on database 7.3.2.
because AFTER or BEFORE LOGON ON DATABASE are not supported on database 7.3.2
Is there another way to do what I want?
could anyone give me a helping hand please?
bye.[email protected] wrote:
I want to prevent the users from logging into sqlplus, the only way they can log into my database is through forms developer.This is NOT security! It is a mere warm fuzzy that says "+oh my database security now seems better+" - it means nothing.
It is trivial to circumvent any checks you put in place on the server side to prevent direct SQL access.
Why?
Because you need some means of identifying the client.
How?
By using the client identification details supplied in the connection string that the client itself passes to the Oracle Listener and server.
Do you think it is a robust and logical approach to trust the unknown client to correctly tell you what it is, in order for you to decide whether or not to allow access? (e.g. I can write a Perl Proxy for Oracle, that looks to the server as a legal app, but in turn accepts and proxies connections from SQL*Plus, TOAD, MS-Access and anything else)
Oracle (default) authentication works with scheme name and password. If the client supplies that, it means that the client is authenticated.. irrespective of who/what the client is.
This means that you need to make sure that this schema is correctly secured, and that the client (irrespective of the client app used) can only do what that Oracle schema is allowed to do...
Of course, running a 15 year old Oracle version is as non-nonsensical as implementing security based on trusting what the client says. -
Hi
I have install Oracle 9i Enterprise Edition on Windows XP. Then I have created a database call "itcmdb". Then to login to SQL Plus in graphical mode I have enter
User Name: sys as sysdba
Password : password
Host String : itcmdb
Then I have got an error:
SQL*Plus: Release 9.2.0.1.0 - Production on Fri Feb 17 16:46:17 2006
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SP2-0306: Invalid option.
Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER}]
where <logon> ::= <username>[<password>][@<connect_string>] | /
so I try to log into SQL Plus by using command prompt. So i enter following command in the command prompt.
D:\>SQLPLUS /NOLOG
SQL*Plus: Release 9.2.0.1.0 - Production on Fri Feb 17 16:50:34 2006
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
SQL> connect sys/password@itcmdb as sysdba
Connected.
SQL>
the it was connected without any problem. Then i check "C:\oracle\ora92\network\admin\tnsnames.ora". So it was contain following information.
ITCMDB =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = Rasika)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME=itcmdb)
Then i check "C:\oracle\ora92\network\admin\listener.ora". so it was contains following information.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = rasika)(PORT = 1521))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\ora92)
(PROGRAM = extproc)
(SID_DESC =
(GLOBAL_DBNAME = ITCMDB)
(ORACLE_HOME = C:\oracle\ora92)
(SID_NAME = ITCMDB)
Cold u plz help me to fix this problem........Hi
I have install Oracle 9i Enterprise Edition on
Windows XP. Then I have created a database call
"itcmdb". Then to login to SQL Plus in graphical mode
I have enter
User Name: sys as sysdba
Password : password
Host String : itcmdb
Then I have got an error:
SQL*Plus: Release 9.2.0.1.0 - Production on Fri Feb
17 16:46:17 2006
Copyright (c) 1982, 2002, Oracle Corporation. All
rights reserved.
SP2-0306: Invalid option.
Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER}]
where <logon> ::=
<username>[<password>][@<connect_string>] | /
so I try to log into SQL Plus by using command
prompt. So i enter following command in the command
prompt.
D:\>SQLPLUS /NOLOG
SQL*Plus: Release 9.2.0.1.0 - Production on Fri Feb
17 16:50:34 2006
Copyright (c) 1982, 2002, Oracle Corporation. All
rights reserved.
SQL> connect sys/password@itcmdb as sysdba
Connected.
SQL>
the it was connected without any problem. Then i
check "C:\oracle\ora92\network\admin\tnsnames.ora".
So it was contain following information.
ITCMDB =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = Rasika)(PORT
)(PORT = 1521))
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME=itcmdb)
Then i check
"C:\oracle\ora92\network\admin\listener.ora". so it
was contains following information.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST =
)(HOST = rasika)(PORT = 1521))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = C:\oracle\ora92)
(PROGRAM = extproc)
(SID_DESC =
(GLOBAL_DBNAME = ITCMDB)
(ORACLE_HOME = C:\oracle\ora92)
(SID_NAME = ITCMDB)
Cold u plz help me to fix this problem........on the sqlplusw gui you can not pass sys as sysdba as this option is available in OEM or other FRONTEND tools, wherein they inherently implement connect command.
Hope this helps ! -
W'azup with SQL Developer barfing on SQL*Plus "set" commands
Check out this short script and the results it generates, as pasted below.
I can't find anything in the SQL Dev documenation re: what SQL*Plus set commands it supports and which it considers "passe." I'm particularly puzzled by the "column ... format ..." command getting ignored.
set heading off
set pagesize 0
set linesize 80
set feedback off
prompt ...start...
column x format a5
select 'abcdefghij' x from dual;
prompt ...end...
line 1: SQLPLUS Command Skipped: set heading off
line 2: SQLPLUS Command Skipped: set pagesize 0
line 3: SQLPLUS Command Skipped: set linesize 80
...start...
X ----------
abcdefghij 1 rows selected
...end...For supported SQL*Plus commands: SQL Developer Help > SQL Developer Concepts and Usage > Using the SQL Worksheet > SQL*Plus Statements Supported and Not Supported in SQL Worksheet.
The "column ... format ...." command is not supported. A workaround is to use substr in your select statement.
See also How to set a column size in sqldeveloper?
Maybe you are looking for
-
History - I had a 30 day trial version of Lightroom back in October. One small catalog of 1500 photos were contained in it. When I was prompted to upgrade, I incorrectly selected the option to "choose a different catalog" which prevented me from seei
-
0 qty in stock, but still value
Hi, our Inventory Audit report shows some items with a qty of 0 in stock, but nevertheless a positive cumulative value (up to $4.50) Since we use this report it is looks weird if the is a row with 0 in stock, but still a value. And if we remove lines
-
Hi, I am debugging a custom program, which is a copy of standarad one. This used logical database. In END-OF-SELECTION, I see a LOOP statement without internal table name. But the values are coming to the workarea T. I would like to know how the data
-
If USEREXIT/BADI doesnt exists ?
Hi experts, I m searching for an exit/badi for txn code IW31 in ECC 6.0. But i coundnt found the exit or badi. In these cases how can we acheive the business requuirememnt? i heard BTE is only for FI module. But i am working on ECC, with order manage
-
Unable to sign-in to write a review.
Hi, I want to write a review for an iPhone app. When I click on the "Write a Review" button, it asks me to sign-in to write a customer review. I enter my ID and password, click "Sign in". The box disappears and immediately returns, asking me to sign-