Security :: Tracking User Security Violations

Jul 27, 2010

Provide me the script which would track all the users security violations like ... say for example i want to find which users logged in and what he did in database prospective.

View 1 Replies


Security :: Authenticating Oracle User Based On Windows User ID?

Mar 11, 2011

We are trying to implement the following security to our database.

As of now, the access rights are same for all the windows users logging into the Oracle application with the same Oracle user Id.

But now, we want to improve our security by granting different levels of rights to the users based on their Network Id even though they use the same Oracle User Id to log into the application.

We are not looking for the users to be identified externally.


View 3 Replies View Related

Security :: User Locked / Track User Who Hit Wrong Password

Dec 21, 2010

We have the database user called c88888 and is locked yesterday. I came to this with the following query.

select * from dba_users where username like 'C88888';

Due to invalid password the user was locked. Can we track who hit the database with the wrong password?

View 5 Replies View Related

Security :: Oracle 11G And Advanced Security / FIPS 140-2 Compliant Encrypt Data At Rest

Dec 26, 2012

Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?

View 3 Replies View Related

Security :: Enhance Security Of Windows And Recover Lost / Forgotten Password?

Nov 16, 2010

Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.

1. Is random password a great password?

A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.

2. Create the long Windows password

Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).

3. Create the Windows password constantly?

This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.

4. Write down Windows password in a proper place

Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.

5. 14 characters is the optimal password length

Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.

6. Try not to use the same Windows password for all accounts

Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.

7. Do not use some common words that other users maybe guess

Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.

You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.

View 1 Replies View Related

Security :: User Should Be Able To Read All The Objects Of User?

Sep 12, 2011

User A contains tables, views, LOB's, types, procedures, triggers, sequences, indexes, synonyms. User B wants to have read-only privilege on the objects of User A.

I can provide select on privilege on tables and views. How about providing read-only privileges to other objects?

View 1 Replies View Related

Security :: To See Any Database For The Operations Of Sys User Or Any Other User

Aug 23, 2011

I have enabled Auditing in my oracle Database but I am not able to see any database for the operations of sys user or any other user in my "SYS.AUD$" and "SYS.FGA_LOG$" tables.

Value for the parameter "AUDIT_TRAIL" is set to "db,extended".

I am working as "SYS" user and I have shutdown and again startup the database but neither there was any information in both the tables nor I can see any files at the destination specified by "AUDIT_FILE_DEST".

View 10 Replies View Related

Security :: Moving Application Security To Oracle From Sybase

Aug 18, 2010

In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:

1. How to determine 'x' days of inactivity based on "last login date"?

2. How to determine when a new user logs in for the first time and force them to change their password?

3. If we need to reset a users password, how can we require the user to change their password?

4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?

5. In the USER_USERS view there is a status column. What the different status's can be?

View 3 Replies View Related

Security :: Limit Sessions Per User In RAC

May 6, 2011

The following link states

Each instance maintains its own SESSIONS_PER_USER count. If SESSIONS_PER_USER is set to 1 for a user, the user can log on to the database more than once as long as each connection is from a different instance.


Of course the following is not working even when resource_limit is TRUE


How can I restrict a user to have limited sessions say 2 sessions across 4 node cluster? Presently I am checking the sessions logged in using sql+ and no connection pooling of front end etc. is involved.

View 5 Replies View Related

Security :: User Password Expired?

Nov 11, 2011

i am using a oracle server. And all my users password has been expired, is there any way to recover those users without failing my data.

View 19 Replies View Related

Security :: OID Create User Error

Aug 23, 2010

I am using Oracle Internet Directory to store user information and OID delegation administratibe services for user entry. An an admin I created a privileges group called admins. Users belonging to this group can create user, delete users, edit users, and edit groups. I created 'User A' and assigned him to the group. Now 'User A' creates 'User B' and assignes him to the group. However when 'User B' creates 'User C' he gets the error [LDAP: error code 50 - Insufficient Access Rights].

This happens even though 'User B' belongs to the admin group which has the privilege to create users.

View 1 Replies View Related

Security :: Restricting User Access?

Oct 17, 2010

The application user owns the application schema which owns all the database objects in this schema. Now 50 of our developers need access to this application schema but giving away the password for the application user is risk as "Drop user application cascade" and wipe off all the objects. The option i have is to create 50 separate users with tablespace as application and grant all rights to application schema.

View 9 Replies View Related

Security :: How To Create User Under Schema

Dec 5, 2012

To make users under one schema.

1) user should have access of all objects with limited privileges.

How can i make it under schema?

View 3 Replies View Related

Security :: History Of Privileges Changes Done For A DB User

Jan 1, 2013

As how do I query, as when was the last time or rather list of privileges changes done for a db user and what was the changes made?

View 1 Replies View Related

Security :: Grant Privileges To A User?

Dec 10, 2010

I am a java developer and would like to install data locally in my computer for testing purpose.

I login as sysdba in sqlplus, created a user.

In the installation documentation it said :

This user should have at least the following privileges.


If you choose, you can grant DBA role to this user.

Note: Coeus Schema owner should have CREATE USER and ALTER USER right explicitly granted to it, not through a role like DBA.

1)How to grant all this prvileges to that user ?

2)How this user will have CREATE USER and ALTER USER right explicitly granted to it, not through a role like DBA ?

View 5 Replies View Related

Security :: How To Know What Object Privilege A User Have

Nov 13, 2013

How to know what object/tab privileged a user have ? without connecting that user and using USER_TAB_PRIVS by connecting on that user I mean on DBA table .

View 0 Replies View Related

Security :: To Find Out Which Row Locked By Particular User

May 14, 2011

If the user has locked some row in the database how to find out the row id or the row which is locked by that particular USER.

View 2 Replies View Related

Security :: SQLs To Monitor User Access?

Jul 2, 2011

There is a user account called 'BALA'.How to create SQLs to monitor 'BALA' user access ?

View 9 Replies View Related

Security :: Create User With Non Expiring Password

Jul 7, 2011

I want to create oracle user with non expiring password or i want to create one oracle user and set the password as non expiring.

View 9 Replies View Related

Security :: Integrating LDAP For User Authentication

Jan 24, 2013

We like to integrate the window LDAP to a new oracle database for user authentication. For example, this is a new test database and we don't have any users created.Now we like to figure out if we created the users with same id as in LDAP userid, how they can be authenticated externally by LDAP. I read and heard some info on OID provided by oracle but need some more step by step info to experiment.

View 3 Replies View Related

Security :: How To Find Current User In Database

Sep 22, 2011

query to find the current user accessing the database

View 5 Replies View Related

Security :: How To Generate User And Password Manually

Aug 27, 2012

i forget my system password and i can't login to my database,and its not letting me in as sys/manager as to generate new user and password....

View 13 Replies View Related

Security :: How To Configure End User Open Only One Session

Jun 10, 2011

I want to configure this

my end user open only one session

means one session per one user only

View 8 Replies View Related

Security :: How To Change DEFAULT-ROLE Of A User

Jul 13, 2011

I want to change the DEFAULT_ROLE column to NO for following user 'P10_DEMO'.

SQL> show user
SQL> select name from v$database;


how to do this ?

View 8 Replies View Related

Security :: Accounting - Cause Of Oracle User Being Locked

Oct 23, 2012

An Oracle user account got locked, how do I check, which program or session was the cause for it? how to fetch this details along with details like timestamp, ip address, program name.

Wanted to know for Oracle 11 version running on Solaris machine.

View 2 Replies View Related

Security :: User Account Locked Error

Oct 3, 2012

we have a prod application which use oracle database 11g as backend and .NET technology as front end . There is a user TESTUSER in database.

Issue is that we can login in to the application, but when we try to login in database through toad or Db visualizer then it gives an error of 'user account locked'.

View 5 Replies View Related

Security :: Trace Or Audit User Activity

Dec 9, 2011

i want to trace user activities, I want to generate the file with SQL statement generated by particular user. I tried to look in to sys.AUD$ but all i get is logging logout and locations but no SQL Text.

View 7 Replies View Related

Security :: User Specific Data Obfuscation?

Jan 24, 2013

I have the following requirement and we are on R12.1.3 with Oracle 11gR2 database on a Linux R5 machine.

1) Sensitive data such as SSN and credit card needs to masked in the oracle seeded table like per_all_people_f etc.
2) This original data should not be visible either from the database (apps user) or via the application. They should both provide the decrypted data to the users.
3) There are a set of users that need point # 2 overridden. That is, they should be able to see the decrypted data using sql on the tables or via the application (front end).

View 4 Replies View Related

Security :: Wallet For Each Windows (service) User

Apr 4, 2013

Is there a way to have separate wallets for each windows user? Well, I have found a way, but does not seem to work always properly and that is with %USERNAME% environment variable.

This is how our customer want's to have - so separate wallet for each windows user, how to accomplish this without using %USERNAME%?

View 2 Replies View Related

Security :: Grant Privileges To Public User

Jul 9, 2011

grant insert,update,delete,select on staging_tb1 to public;

What is public here? i know something about public user like it is users exist in the database .

View 5 Replies View Related

Copyrights 2005-15, All rights reserved