Oracle Consulting Oracle Training Oracle Support Development
Home
Catalog
Oracle Books
SQL Server Books
IT Books
Job Interview Books
eBooks
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
image
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
 Phone
 800-766-1884
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books
image
image

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle

STATSPACK Viewer

Privacy Policy

 

   
 

Oracle Tips by Burleson

Chapter 11 Oracle Fine Grained Auditing

decides to forge identity of the Domain Name to say, ORACLE.COM, he or she will not be successful because he or she does not know the encryption key. The user can call SECUSER.SET_CLIENT_ID to set another client identifier, but it will not be decrypted properly, and will not state ORACLE.COM, unlike what the hacker intended. Therefore, the value can be set and retrieved in a secured manner.

Potential Threats

This merely ensures that the user does not enter a value that can be considered valid. However, this does not prevent the user from changing the value of the client identifier. It will not be valid, but it will be passed on to the FGA trail tables, and thus the identity of the user can be shrouded. This setup does not help in identifying culprits but makes sure the wrong person is not identified for a malicious act.

In order to absolutely make sure that the user is identified, you have to user the Oracle Advanced Security option to pass the username from the LDAP server.

Application Context

Unlike Virtual Private Database, the Client Identifier method is available only in Oracle 9i. For Oracle 8i, the absence of this variable makes tracking of the usernames difficult. However, FGA is not available in Oracle 8i, so this ceases to be problem.

In VPD, the problem was solved using application contexts in Oracle 8i. But even in Oracle 9i, they can be used to enhance the FGA. Earlier, we saw that we could store a long list of information in Client Identifier, such as the Domain Name, Application User Name,
 

The above text is an excerpt from the bestselling book: Oracle Privacy Security Auditing It's only $39.95 and has an download of working security scripts:

 

This is the only authoritative book on Oracle Security, Oracle Privacy, and Oracle Auditing written by two of the world’s leading Oracle Security experts.

This indispensable book is only $39.95 and has an download of working security scripts:

 

http://rampant-books.com/book_2003_2_audit.htm

 


Download your Oracle scripts now:

www.oracle-script.com

The definitive Oracle Script collection for every Oracle professional DBA

 

Linux Oracle commands syntax poster

ION Oracle tuning software

Oracle data dictionary reference poster



Oracle Forum

BC Oracle consulting support training

BC remote Oracle DBA   

 

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks