Security :: Oracle Auditing DBA_STMT_AUDIT_OPTS Where User_name Is Null

Jan 8, 2013

I have enabled Auditing but when i run the below given statement i get the output with count of 20 null username.I tried to run NOAUDIT ALL but still the same result.

Why does it show auditing for null username and how can i disable it.

select count(*) from DBA_STMT_AUDIT_OPTS where user_name is null;
20

View 3 Replies


ADVERTISEMENT

Security :: How To Enable Auditing In Oracle

Dec 8, 2011

How to enable auditing in oracle ?

View 2 Replies View Related

Security :: Send Oracle Auditing To Syslog

Mar 9, 2011

I am using Oracle 11g (11.2.0.1) and I want to audit the specific tables in my schema and send to OS syslog.

For example, I have 3 tables A,B and C. If any user is accessing A and B tables (DMLs,select etc) then I want to audit and send it to OS syslog.

View 1 Replies View Related

Security :: Auditing At Table Level In 11g?

Apr 27, 2012

We have recently upgraded our DR environment from 9i to 11g. We have auditing turned on for 3 tables.

On 9i, AUD$ table size is 11G for 12 months and the upgraded 11g environment has 9G in 2 days....

Below is the sql statement we used to turn on auditing on these tables.

audit select,update,delete on audit_Test2 by session;

Opened SR with Oracle, but no proper response from them...

what changes we need to do in order to reduce the amount of audit data on these tables in 11g?

View 8 Replies View Related

Security :: Enable Auditing For Users?

Oct 10, 2012

i enable auditing on the database 10.2 for users,

once i query SQL> SELECT username,
extended_timestamp,
owner,
obj_name,
action_name
FROM dba_audit_trail
WHERE owner = <Username>

there are many many rows , my question is , are you enable to truncate it from time to time , if not ,is it effect on the performance of the database ?

View 3 Replies View Related

Oracle 9i Auditing

Feb 24, 2011

I have enabled auditing in my oracle9i DB, it is running fine, generating trails and I can capture those. Recently I checked in dba_audit_session table and found os_username, userhost, terminal showing null value whereas username is captured as my own (having dba prvis). Strange thing is that it doesn't occurs everyday.

One of the possibility of running batch files may occurs such issues, but I ran this batch everyday then why it is occurring some days only.

Attached File(s)

dba_audit_session.txt ( 2.71K )
Number of downloads: 4

View 1 Replies View Related

Security :: Oracle 11G And Advanced Security / FIPS 140-2 Compliant Encrypt Data At Rest

Dec 26, 2012

Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?

View 3 Replies View Related

Security :: Moving Application Security To Oracle From Sybase

Aug 18, 2010

In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:

1. How to determine 'x' days of inactivity based on "last login date"?

2. How to determine when a new user logs in for the first time and force them to change their password?

3. If we need to reset a users password, how can we require the user to change their password?

4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?

5. In the USER_USERS view there is a status column. What the different status's can be?

View 3 Replies View Related

SQL & PL/SQL :: Function In Oracle To Select Not-null Columns At Beginning And Null Columns At End?

Jul 12, 2012

I have 8 columns. Some of them might be null.I want to display all 8 columns in my result. Not null columns will be first and null at the end.Here is a sample data :

Employee table :
Employee_id Emp_fname emp_lname emp_mname dept salary emp_height emp_weight
1 aaa ddd d1 100 6 180
2 bbb ccc 120 169
3 dfe d2 5.9 223

The expected result is :
result1 result2 result3 result4 result5 result6 result7 result8
1 aaa ddd d1 100 6 180
2 bbb ccc 120 169
3 dfe d2 5.9 223

View 8 Replies View Related

SQL & PL/SQL :: Hierarchical Query - Connect NON-NULL Rows To Preceding NULL Row

Aug 29, 2012

I have the following query:

select col_1,col_9 from
book_temp b
where b.col_1 is not null
order by to_number(b.col_16)
;

What I want to add is the following:

COL_9
=====
NULL
A
B
NULL
C
D
E
F
NULL
G

I need to connect the NON-NULL rows to the preceding NULL row.

View 15 Replies View Related

SQL & PL/SQL :: Counting NULL Vs NON-NULL In A GROUP BY Clause

Jun 21, 2010

I am running a GROUP BY query on a few columns of enumerated data like:

select count(*), Condition, Size
group by Condition, Size;

COUNT(*) CONDITION SIZE
-------- ---------- --------
3 MINT L
2 FAIR L
4 FAIR M
1 MINT S

Well, let's say I also have a timestamp field in the database. I cannot run a group by with that involved because the time is recorded to the milisec and is unique for every record. Instead, I want to include this in my group by function based on whether or not it is NULL.

For example:

COUNT(*) CONDITION SIZE SOLDDATE
-------- ---------- -------- ----------
3 MINT L ISNULL
2 FAIR L NOTNULL
2 FAIR M NOTNULL
2 FAIR M ISNULL
1 MINT S ISNULL

View 9 Replies View Related

SQL & PL/SQL :: Date Field - Not Null Column To NULL

Mar 16, 2011

I have a table which has a not null column. the column is date field. I am trying to change it to Null. But it is giving a error.

I am using below query.

ALTER TABLE T_test
modify (paid_to_date null)

View 9 Replies View Related

SQL & PL/SQL :: DB Extended Auditing

Aug 24, 2010

I have a database in which DB extended auditing is enabled but there are no audit specifications in privileges or statements or objects. So what will be audited in that case.

View 12 Replies View Related

Auditing And Implicit Commits

May 11, 2009

I'm working on a Java-based web application and we have unit tests that we use to test all our all code that interacts with the database or code that interacts with our DB code. The Spring framework allows us to perform some DML within a transaction before each test and then rollback the changes. For the most part, this works, however when I run the full suite of unit tests, it will randomly commit data to the database causing the rest of the tests to fail.

will Oracle's auditing let me see where this odd-ball commit is occurring? Is there another way for me to see when data is being committed?

This does not appear to be happening on any of the systems we've deployed, however this is a bit unsettling and would like to know why this is occurring so that we can prevent it from happening in production.

View 1 Replies View Related

Data Auditing In Application?

Mar 31, 2011

I am trying to maintain data audit in the database using triggers where i want to write the row level trigger in an generic way using the following concept .Using USER_TAB_COLUMNS table inside the trigger i want to bind all column values of the row into a single string in the following format

COLUMN_NAME = Value(:new/:old.COLUMN_NAME)=> this value would be bound dynamically is it possible to create a string for each row instance in the trigger at run time using the above mentioned format and user_tab_column table

View 5 Replies View Related

Auditing Without Audit Vault

Mar 8, 2011

how to set up alerts on specific audit log results without using Audit Vault?

View 1 Replies View Related

Enable / Disable Auditing From PHP

Dec 15, 2010

In PL/SQL Plus, i can enable/disable auditing when i connect as sysdba by using these command:

SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE
SQL> shutdown
SQL> startup

I've done it successfully with PL/SQL Plus command line. But in PHP, how can i do that?How to execute "shutdown" and "startup" from PHP?
I've found this code for connect to oracle as sysdba:

oci_connect("/", "", null, null, OCI_SYSDBA);

From the following link:

[URL]......

But, i still can't execute "shutdown", "startup";

View 4 Replies View Related

Auditing Database Without Being DBAdmin?

Jul 17, 2012

I would like to be aware of all select statements that are run against the schema I am responsible for (for performance analysis reasons) My privileges are restricted and I think I won't get access to any dba views.

So is there a recomondation how I can solve this requirement?

View 3 Replies View Related

Auditing No Archive Log Mode

Jun 8, 2012

I am using Oracle Database 10.2 in No Archive Log Mode. what auditing options are available in No Archive Log mode ?

View 4 Replies View Related

Auditing For Queries With No Where Clause

Jul 31, 2012

I'd like to audit a table for any SELECT queries that are executed against it with no WHERE clause. I've read the documentation on DBMS_FGA carefully, and as close as I can tell, creating a policy with a NULL audit_condition causes all queries against the table to be audited, which isn't what I'm looking for.

What I'd like is something like this:

DBMS_FGA.ADD_POLICY (
object_schema      =>  'scott',
object_name        =>  'emp',
policy_name        =>  'mypolicy1',
audit_condition    =>  'WHERE CLAUSE IS ABSENT',
audit_column       =>  'comm,sal',
[code].......  

SELECT * FROM EMP;but queries with conditions ('WHERE sal > 400', for instance) are not trapped.

I'm using 11gR2 (11.2.0.2) on OEL.

View 2 Replies View Related

Auditing Unsuccessful Select Statements

Sep 3, 2013

I'm attempting to audit unsuccessful Select statements in order to trap a problem we're experiencing with our application. I have set the AUDIT_TRAIL initialization parameter to DB_EXTENDED, and bounced our database.

I've issued the AUDIT SELECT ANY TABLE WHENEVER NOT SUCCESSFUL command, and when I issue a SELECT statement as an application user, nothing appears in SYS.AUD$ even though the application has issued a select statement which returned no rows.

View 3 Replies View Related

PCI - Auditing Connect / As Sysdba - Connections?

Feb 15, 2012

I have a problem with a PCI DSS - requirement in Oracle 11.2. (PCI DSS = Payment Card Industry Data Security Standard)

Problem:

we connect via ' ssh -2 -X -l oracle hostname ' to the databaseserver and become os-user 'oracle'. we have also two offshore locations with dba's and each dba comes with his personalized user to the jumphost and then with the above ssh command to the database server.

the problem is that each dba becomes the oracle-os-account and can now connect with '/ as sysdba' to the database.in pci-dss this is not allowed !

now my question:how can I audit these '/ as sysdba'-connections and prove which user connected at which time with the '/ as sysdba' command ?

database is in audit mode. we log to syslog on linus redhat 5. I know one solution could be setting "SQLNET.AUTHENTICATION_SERVICES" parameter to "NONE" in sqlnet.ora file will make it not possible to connect to the database without a password as sysdba. (sqlplus / as sysdba). but we have to many applications and jobs and this is not really the solution in this case.

I think I can only solve this problem with personalized OS-user DBA-accounts in the dba-goup on os-site and os-user oracle should not be used for the future ?? I also need personalized dba-user-accounts in the database. using sys and system is not allowed. this users has to be locked and only for special administration work could it be unlocked.

View 3 Replies View Related

Auditing Lob Column Changes When Working With Dbms_lob?

Oct 26, 2010

It seems that dml trigger doesn't fire when lob field is being updated using dbms_lob package.

As it stated in Oracle documentation:

QUOTE Using OCI functions or the DBMS_LOB package to update LOB values or LOB attributes of object columns does not cause Oracle to fire triggers defined on the table containing the columns or the attributes.

I need to know that table was updated (or is about to be updated), how can I do that in case it is lob field that is being updated?

View 4 Replies View Related

Security :: How To Configure Oracle EM With Newly Created Oracle Instance On 10g DB

Dec 11, 2012

How to configure Oracle EM with newly created Oracle Instance on Oracle 10g DB,which is Single Instance DB but not RAC ,when I start the Oracle EM it is starting the default DB which created during Oracle Server Installation.

View 0 Replies View Related

SQL & PL/SQL :: Unique Null And Multiple Non-null

Oct 24, 2013

create table test
(
id int ,
dat date
)
/

I want to implement a business rule such as we have for each id at most 1 dat null. So, I've created this unique index on test.

create unique index x_only_one_dat_cess_null on test(id, case when dat_cess is null then 'NULL' else to_char(dat_cess, 'dd/mm/yyyy') end);

insert into test values (1, sysdate);
insert into test values (1, sysdate - 1);
insert into test values (1, null);
insert into test values (1, null);
-- -----
insert into test values (2, sysdate);
insert into test values (2, sysdate - 1);
insert into test values (2, null);

The 4th insert will cause an error and this is what I wanted to implement. OK. Now the problem is that for non-null values of dat, we can't have data like this

iddat
------------
124/10/2013
123/10/2013
123/10/2013
1

because of the unique index (the 2nd and the 3rd row are equal). So just for learning purposes, how could we allow at most one null value of dat and allow duplicates for non-null values of dat.

View 2 Replies View Related

SQL & PL/SQL :: How To Modify Null Column To Not Null

Jan 9, 2012

when i follow this steps mention on this website

[URL].........

to modify column from null to not null i got this error and on this website its show successful

my steps are

first i create a table

SQL> create table Stu_Table(Stu_Id varchar(2), Stu_Name varchar(10),
2 Stu_Class varchar(10));

Table created.

Then insert some rows into Stu_Table

SQL> insert into Stu_Table (Stu_Id, Stu_Name) values(1,'Komal');

1 row created.

SQL> insert into Stu_Table (Stu_Id, Stu_Name) values(2,'Ajay');

1 row created.

SQL> insert into Stu_Table (Stu_Id, Stu_Name) values(3,'Rakesh');

1 row created.

SQL> insert into Stu_Table (Stu_Id, Stu_Name) values(4,'Bhanu');

1 row created.

SQL> insert into Stu_Table (Stu_Id, Stu_Name) values(5,'Santosh');

1 row created.

SQL> select * from Stu_Table;

ST STU_NAME STU_CLASS
-- ---------- ----------
1 Komal
2 Ajay
3 Rakesh
4 Bhanu
5 Santosh

Table Structure is like this

SQL> Describe Stu_Table
Name Null? Type
----------------------------------------- -------- ----------------------------
STU_ID VARCHAR2(2)
STU_NAME VARCHAR2(10)
STU_CLASS VARCHAR2(10)

now when i try to modify this Stu_id column to not null its give me error.

SQL>ALTER TABLE Stu_Table MODIFY Stu_Id int(3)not null;
ALTER TABLE Stu_Table MODIFY Stu_Id int(3)not null
*
ERROR at line 1:
ORA-01735: invalid ALTER TABLE option

and when i try to add new column with not null its also gives me error

SQL> ALTER TABLE Stu_Table add C1_TEMP integer NOT NULL;
ALTER TABLE Stu_Table add C1_TEMP integer NOT NULL
*
ERROR at line 1:
ORA-01758: table must be empty to add mandatory (NOT NULL) column

View 6 Replies View Related

Server Administration :: Auditing Lob Column Changes When Working With Dbms_lob

Oct 26, 2010

It seems that dml trigger doesn't fire when lob field is being updated using dbms_lob package. As it stated in Oracle documentation:

Quote:Using OCI functions or the DBMS_LOB package to update LOB values or LOB attributes of object columns does not cause Oracle to fire triggers defined on the table containing the columns or the attributes.

I need to know that table was updated (or is about to be updated), how can I do that in case it is lob field that is being updated?

View 1 Replies View Related

PL/SQL :: Have A Function In Oracle To Select Not Null Columns At Beginning

Jul 12, 2012

I have 8 columns. Some of them might be null.I want to display all 8 columns in my result. Not null columns will be first and null at the end.

Here is a sample data :

Employee table :
Employee_id   Emp_fname  emp_lname  emp_mname  dept salary emp_height  emp_weight
   1               aaa        ddd                d1   100      6           180
   2               bbb                ccc             120                 169
   3               dfe                           d2            5.9         223

The expected result is :
result1 result2   result3 result4  result5  result6 result7 result8
1        aaa        ddd     d1       100     6        180
2        bbb        ccc     120      169
3        dfe        d2      5.9      223

View 13 Replies View Related

Security :: Enhance Security Of Windows And Recover Lost / Forgotten Password?

Nov 16, 2010

Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.

1. Is random password a great password?

A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.

2. Create the long Windows password

Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).

3. Create the Windows password constantly?

This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.

4. Write down Windows password in a proper place

Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.

5. 14 characters is the optimal password length

Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.

6. Try not to use the same Windows password for all accounts

Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.

7. Do not use some common words that other users maybe guess

Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.

You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.

View 1 Replies View Related

Application Express :: How To Connect As A Real Database Account User For Auditing

May 15, 2013

For auditing, I need to insert the user, among other data, into different tables. The thing is, I have an application with DB account authentication, so a real database user is connected, when auditing, the user field inserted is "ANONYMOUS".

Apex 4.2
EPG
Oracle Enterprise Linux 5.5
Database 11.2 EE

View 7 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved