I would like get select,insert,update commands in particular text file for my one of the schema. if i am enabling audit_trail=os in init.ora and issue
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE BY SCOTT;
Should i get above statements in text file.
Actually I would like to get all the select,insert,update statements for my particular schema. is there any way to get it from instance or log. is it possible without audit_trail?
getting logon timestamp for our auditing process. In some website, it says to get the logon timestamp I have to select it from timestamp column of dba_audit_session but when I do this, some results has a logoff earlier than logon. Is timestamp column really the logon timestamp?
SELECT
returncode,
(logoff_time-timestamp) timeonline,
TO_CHAR(timestamp, 'DD-MON-YYYY HH24:MI:SS') LOGON_TIME,
TO_CHAR(logoff_time, 'DD-MON-YYYY HH24:MI:SS') LOGOFF_TIME,
action_name
FROM dba_audit_session;
[code]....
Is there any way to get audit_trail.VALUE? I know the statement: show parameter audit_trail; can show that value. But, i want to build a function which will return a string that contain audit_trail.VALUE
View 1 Replies View RelatedI have a production database with 2 node Physical RAC ENV on two separate machines , and we are going to enable audit trail parameter to DB values to capture all failed login attempts on a database.
we have done this on our testing ENV but dont know the procedure to deploy this steps on 2 node RAC ENV . I have done the below steps on our standalone testing ENV
1.Log in as SYS and connect with the SYSDBA privilege.
oUser Name: SYS
oPassword: Enter your password.
oConnect As: SYSDBA
2.To enable audit on DB use below command
SQL>alter system set audit_trail=DB scope=SPFILE;
3.Then restart the database.
4.After successful startup use the below command to capture log
SQL> audit create session whenever not successful;
steps to enable audit_trail to capture failed login attempts on two node RAC ENV.
I need few clarifications regarding oracle wallet.
db version: 11.2.0.3.2 (Enterprise Edition)
We have a requirement to run shell scripts calling stored procedures for specific activities, which are run on database server. We do not want to store passwords in shell scripts and decided to use Secure External Password Store for hiding passwords instead of os authentication method. need few clarifications on the below.
1) Currently, we are creating oracle wallet entry on db server and making modifications in sqlnet.ora file accordingly. Is it good to use like this or we should do this only on a client machine?
2) Do we need any licensing to use this option?
3) Any knows issues with using oracle wallet?
4) Can we use orapki for creating oracle wallet instead of mkstore?
5) Any knows issues we face during startup and shutdown of db activities?
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies View RelatedLost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portion"Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully, Certainly, I believe that many users lost Windows password and forgot Windows password, then you need have to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users that how to reset Windows password. how to recover Windows password and they are puzzled by resetting windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use windows password reset disk and windows password reset software, like Super Windows Password Reset, a professional windows password reset software which could enable you to logon to Windows smoothly without reinstalling system.
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a users password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What the different status's can be?
Provide me the script which would track all the users security violations like ... say for example i want to find which users logged in and what he did in database prospective.
View 1 Replies View Relatedhow can we mask value of some columns in table? For example: user A is supervisor, he can query salary column in employee table, but for user B, he is staff member, he can query salary column but system just shows ***** or something like that for salary value.
View 6 Replies View RelatedI've a problem in that I cannot log onto one of our schemas on one of our databases via SQL*Plus, TOAD, SQL Developer etc.. Attempting to do so yields the following error message: "ORA-01017: invalid username/password; logon denied"
However, if I try to log onto the same schema via any of the unix boxes using the sqlplus command, that works fine.
It's only this schema that is affected. For all other schemas (on that database and on others), I don't have this problem.
what the DBAs have done?
I have inherited a query that union alls 2 select statements, I added a further field to one of the select statements ( a date field). However I need to add another dummy field to the 2nd select statement so the union query marries up I have tried to do this by simply adding a
select
'date_on'
to add a field called date on populated by 'date_on' (the name of the column in the first query)
however when I run the union query i get the error Ora-01790 expression must have same datatype as corresponding expression.
I have a dynamic query stored in a function that returns a customized SQL statement depending on the environment it is running in. I would like to create a Materialized View that uses this dynamic query.
View 1 Replies View RelatedI have data in a table and another in XML file,I used SQL query to retrive the data placed on the table, and link this query with XML query that retrieves the data stored in the xml file. The data stored in the table and xml file sharing a key field, but the xml contents are less than what in the table.I want to show only the data shared between the two queries, how can I do that?
e.g.:
Table emp:
e_id | e_name | e_sal
023 | John | 6000
143 | Tom | 9000
876 | Chi | 4000
987 | Alen | 7800
XML File
<e_id>
143
876
So, I want the output to be:
e_id | e_name | e_sal | e_fee
143 | Tom | 9000 | 300
876 | Chi | 4000 | 100
while testing SYS remote connection in our staging server. Executing the command below is OK:
sqlplus sys/<password>@sales as sysdba
While this is mind-boggling for me...
sqlplus sys@sales as sysdba
Enter password:
ERROR:
ORA-01017: Message 1017 not found; No message file for product=RDBMS,
facility=ORA
Enter user-name:
ERROR:
Error while trying to retrieve text for error ORA-01017
I entered the correct password.I've been simulating this for a couple of times, even tried the copy-and-paste method.
I have a table which contains secret data, i want that nobody can query,insert,update or delete that table, we can do by creating a table and giving rights to specific person but problem is that our programmers can query that table while working on that database.
Is there any other event or trigger which check that if person is performing DML on secret table then an error may generate.
How to disable a user's sql login? To ellaborate, I want a user to login through a certain application only with his userid on database level & not through "sqlplus username@dbname".
Is it possible? If no, then what can be done to achieve below.
I have a userid which has all the update, delete privileges on it. That id needs to be configured in the application alongwith the password. So in order to avoid misuse of that id I want to block its sql access.
I am not sure whether this can be achieved or not.
My tables are in ers_stg schema and code which collects state on these table are in etls_ers schema, what permission i need in order to get the stats collected from etls_srs schema. i am getting in sufficient privilege error.
View 1 Replies View RelatedIs there any way to identify who has compiled a specific PL / SQL stored program?
View 3 Replies View Relatedregarding Database Hardening, i am new to this concept
View 2 Replies View Relatedi enabled auditing by setting
audit_trail=db,extended in spfile,and restart the database and after that i issued command to audit as below :
audit select on emp by access;
but how to see audit log information(ie from which table),i checked dba_audit_trail but it doesnot have any record.
One of our auditing recommendation is to move table AUD$ to a separate tablespace from system. Why this recommendation is important and how to do this action ?
View 2 Replies View Relatedi have created a database on my pc and i have given a password at the time of installation , after the installation it is accessed successfully by the given password , but i observed that when i gave anything in password then it is also accessed by it and i don't have any other database of this same name.
And when i access it through another system then it is accessed only by its original password not by any other password.
how to see password of users in 11g
View 11 Replies View RelatedHow can i use OS authentication to login db?
SQL> connect / as sysdba
ERROR:
ORA-01031: insufficient privileges
sqlnet.ora text:
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
#SQLNET.AUTHENTICATION_SERVICES = (NTS)
SQLNET.INBOUND_CONNECT_TIMEOUT=1
I'm working for a credit card company and on a security project. We have oracle databases. Currently the passwords have to be changed every so often for key accounts for security purposes. Any tool to automate the process?
Any way to automate password changes on many accounts where only some people would be able to get the new password once it was changed.
Also, these IDs/passwords are sometimes used by applications to connect to the database so .ini files or some type of connection file would need to be changed automatically also.
In our database without enabling audit file, we are getting audit file.find the audit parameter output
SQL> show parameter aud
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /app/oracle10g/admin/ytr/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
we have a oracle database version 11.2.0.1. now we have installed database gateways 11g in sql server machine and created db link in oracle and working fine
Now my question is:
Windows 2003 server having sql server and 11g Gateways installed
But oracle database is 10g............if i create link in Oracle it will work? because 11gR2 gateway will synch with Oracle 10g database.
I connected to Scott user & I am trying to create a job using DBMS_SCHEDULER as mentioned below.
begin
dbms_scheduler.create_job(
job_name => 'job1',
job_type => 'PLSQL_BLOCK',
job_action => 'Insert into tab2 values(70,''TR'');',
start_date => sysdate,
repeat_interval => 'FREQ = DAILY; INTERVAL = 1');
end;
When i execute this code i'm getting an Error Message as
ORA-27486: insufficient privileges
ORA-06512: at "SYS.DBMS_ISCHED", line 99
ORA-06512: at "SYS.DBMS_SCHEDULER", line 262
ORA-06512: at line 2
I have given grant manage scheduler to scott; Manage Scheduler privilege from SYS User.
how can i secure my database from hacking by any one of these:
1-sql injections
2- DON(Danial Of service)
3- buffer overflow
4- listner hack