We have our application installed on customers machines and that includes the oracle database (19c) where much of our code and all our data is stored. The problem we face is that our application requires a db user (schema) per login in our product and the users have found out that they can access the database directly (via pl/sql developer) with the usernames. They then get more or less full access to our code (only look at it) and our tables (full access since its required for the product to work).
We really don't want this as this is our product and it also makes it possible for customer to manipulate data in a way that it was not intended.
To stop this we have created a database logon trigger that, via v$session.module column, checks if user loggin is coming from the application or other means. If they log in outside application we reject the login by failing the trigger (raise). The problem is that the trigger only works sporadically. It does fail (have logged this to make sure) but user still gets logged in most of the time.
To counter this we created a kill jog that kills illegal logins but it really feels like a band aid on a broken leg.
Is there no better solution to stop logins into Oracle db?