Oracle Tips by Burleson

Chapter 8 General Oracle Auditing

This is where the elaborate application user management functionality described in Chapter 5 comes in handy. Instead of repeating those steps here, we will just highlight the important points. All the procedures and functions mentioned here are described in Chapter 5 and are available from the online code depot.

  • All the privileges are granted to several roles corresponding to several types of users. All these roles are authenticated by procedures.
     

  • The user APPUSER is granted all these roles, but none as default. So when a user logs in as APPUSER, none of the roles are enabled, meaning the user can't do anything at that point.
     

  • After the user logs in as APPUSER, he has to execute a special function called is_password_correct, which accepts two parameters (the application userid and the password) and returns YES if correct and NO otherwise.
     

  • Inside this function, all the roles allocated to that application user are enabled by the set_role procedure.
     

  • The user APPUSER is not given execute privileges on the package dbms_session. This will prevent the user from calling the procedure set_identifier directly.
     

  • The is_password_correct function also sets the client identifier.
     

  • Since the user APPUSER must know the application user's password, the chance that someone else would log in as APPUSER and make changes is eliminated.
     

  • Also, since the client identifier is set automatically and the user can’t set it specifically, the authenticity of the client identifier is also maintained.
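
The steps in the list above, sketched in PL/SQL as an added example (this is not the book's code-depot script). The schema SECMGR, package APP_AUTH, role CLERK_ROLE and helper check_credentials are hypothetical names; check_credentials stands in for the Chapter 5 password check, which this excerpt does not show, and is assumed to be a definer's rights function returning the user's comma-separated role list, or NULL on failure.

```sql
-- Added illustration, not the book's code. SECMGR, APP_AUTH, CLERK_ROLE and
-- check_credentials are hypothetical names chosen for this example.

-- 1. A role that only the named package may enable. APPUSER holds it,
--    but not as a default role, so nothing is enabled at logon.
CREATE ROLE clerk_role IDENTIFIED USING secmgr.app_auth;
GRANT clerk_role TO appuser;
ALTER USER appuser DEFAULT ROLE NONE;

-- 2. Invoker's rights package: Oracle refuses SET ROLE inside
--    definer's rights code, so AUTHID CURRENT_USER is required here.
CREATE OR REPLACE PACKAGE secmgr.app_auth AUTHID CURRENT_USER AS
  FUNCTION is_password_correct (p_userid IN VARCHAR2, p_password IN VARCHAR2)
    RETURN VARCHAR2;
END app_auth;
/
CREATE OR REPLACE PACKAGE BODY secmgr.app_auth AS
  FUNCTION is_password_correct (p_userid IN VARCHAR2, p_password IN VARCHAR2)
    RETURN VARCHAR2 IS
    l_roles VARCHAR2(4000);
  BEGIN
    -- Assumed helper (definer's rights, owned by SECMGR): verifies the
    -- password and returns the application user's roles, or NULL.
    l_roles := secmgr.check_credentials(p_userid, p_password);
    IF l_roles IS NULL THEN
      RETURN 'NO';                          -- no role enabled, no identifier set
    END IF;
    DBMS_SESSION.SET_ROLE(l_roles);         -- enable only this user's roles
    DBMS_SESSION.SET_IDENTIFIER(p_userid);  -- client identifier used by auditing
    RETURN 'YES';
  END is_password_correct;
END app_auth;
/
GRANT EXECUTE ON secmgr.app_auth TO appuser;

-- 3. Session flow, run as APPUSER (user id and password are constructed).
DECLARE
  l_ok VARCHAR2(3);
BEGIN
  l_ok := secmgr.app_auth.is_password_correct('JSMITH', 'constructed-secret');
  DBMS_OUTPUT.PUT_LINE(l_ok || ' / ' ||
                       SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER'));
END;
/
```

After a failed call, SESSION_ROLES stays empty and the client identifier stays unset, which is the state the list describes for a freshly connected APPUSER session.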

As you can see, client identifiers provide the missing link between the actual user and the database. This
 

The above text is an excerpt from the bestselling book Oracle Privacy Security Auditing. It's only $39.95 and has a download of working security scripts:

 


 

http://rampant-books.com/book_2003_2_audit.htm

 



 

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.

