FAQ
Larry, there is a potential problem with your idea. Depending on the
version of the Oracle client and possibly the connection method in use
the v$session.program column may be null. Some versions of the client
fail to pass in the program name. Still the database logon event
trigger can be useful and is a viable option. Between v$session and
sys_context a good deal of information is available for capture and use.

IMHO -- Mark D Powell --

-----Original Message-----
From: oracle-l-bounce_at_freelists.org

Sent: Tuesday, May 16, 2006 12:17 PM
To: lawrence.wolfson_at_acxiom.com; oracle-l_at_freelists.org
Subject: RE: Security Message

Larry,

We have login triggers to track connections to our databases.
Works very well.

I wonder why your client is worried about sqlplus rather than any other
tool available in the world. Nothing magical about sqlplus - unless
they are worried about sysdba (internal) connections.

Tom

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
On Behalf Of Wolfson Larry -
lwolfs
Sent: Tuesday, May 16, 2006 11:45 AM
To: oracle-l_at_freelists.org
Subject: Security Message

One of our clients wants to put out a security message, like the one
that shows up to a OS user, anytime someone runs sqlplus on a server.

2 years ago we suggested they use the glogin.sql code to provide this.
They finally came back and asked us if we could implement it.

Now we're vacillating between that and using a login trigger to
do it.
One advantage of the login trigger is we can identify what programs are
actually being run against the database and from where.

Does anyone have a better suggestion or idea(s)?

TIA
Larry
************************************************************************

***
The information contained in this communication is confidential, is
intended only for the use of the recipient named above, and may be
legally privileged.

If the reader of this message is not the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited.

If you have received this communication in error, please resend this
communication to the sender and delete the original message or any copy
of it from your computer system.

Thank You.

--
http://www.freelists.org/webpage/oracle-l

--
http://www.freelists.org/webpage/oracle-l

--
http://www.freelists.org/webpage/oracle-l

Search Discussions

  • Wolfson Larry - lwolfs at May 16, 2006 at 5:02 pm
    Mark,

    It's their responsibility to deal with the client.
    I should have said for now this was just for sqlplus on the same server
    as the database.

    Thanks
    Larry

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org

    Sent: Tuesday, May 16, 2006 11:55 AM
    To: oracle-l_at_freelists.org
    Subject: FW: Security Message

    Larry, there is a potential problem with your idea. Depending on the
    version of the Oracle client and possibly the connection method in use
    the v$session.program column may be null. Some versions of the client
    fail to pass in the program name. Still the database logon event
    trigger can be useful and is a viable option. Between v$session and
    sys_context a good deal of information is available for capture and use.

    IMHO -- Mark D Powell --

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org

    Sent: Tuesday, May 16, 2006 12:17 PM
    To: lawrence.wolfson_at_acxiom.com; oracle-l_at_freelists.org
    Subject: RE: Security Message

    Larry,

    We have login triggers to track connections to our databases.
    Works very well.

    I wonder why your client is worried about sqlplus rather than any other
    tool available in the world. Nothing magical about sqlplus - unless
    they are worried about sysdba (internal) connections.

    Tom

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Wolfson Larry -
    lwolfs
    Sent: Tuesday, May 16, 2006 11:45 AM
    To: oracle-l_at_freelists.org
    Subject: Security Message

    One of our clients wants to put out a security message, like the one
    that shows up to a OS user, anytime someone runs sqlplus on a server.

    2 years ago we suggested they use the glogin.sql code to provide this.
    They finally came back and asked us if we could implement it.

    Now we're vacillating between that and using a login trigger to
    do it.
    One advantage of the login trigger is we can identify what programs are
    actually being run against the database and from where.

    Does anyone have a better suggestion or idea(s)?

    TIA
    Larry
    ************************************************************************

    ***
    The information contained in this communication is confidential, is
    intended only for the use of the recipient named above, and may be
    legally privileged.

    If the reader of this message is not the intended recipient, you are
    hereby notified that any dissemination, distribution or copying of this
    communication is strictly prohibited.

    If you have received this communication in error, please resend this
    communication to the sender and delete the original message or any copy
    of it from your computer system.

    Thank You.

    --
    http://www.freelists.org/webpage/oracle-l

    --
    http://www.freelists.org/webpage/oracle-l

    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l
  • Wolfson Larry - lwolfs at May 16, 2006 at 5:09 pm
    Thanks Raj,

    I thought about the banner table a long time ago, but the thought left
    me.
    I also thought about replacing sqlplus in the bin directory with our own
    wrapper.
    Right now, with so many DBAs, not sure if we'd get someone all confused
    about that.
    It could get ugly if they wanted to do that on their client installs
    which we only do for app servers.

    Larry

    -----Original Message-----
    From: rjamya
    Sent: Tuesday, May 16, 2006 11:51 AM
    To: Wolfson Larry - lwolfs
    Cc: oracle-l_at_freelists.org
    Subject: Re: Security Message

    never tried this, but wonder if you can hack into the banner table ...
    but -s flag would negate it anyways.

    how would you do it using logon trigger? hmmm ...
    dbms_output.put_line, but then you must ensure that " set serveroutput
    on" is enabled for all sqlplus sessions ...

    interesting to see how this works ...
    Raj

    The information contained in this communication is confidential, is
    intended only for the use of the recipient named above, and may be legally
    privileged.

    If the reader of this message is not the intended recipient, you are
    hereby notified that any dissemination, distribution or copying of this
    communication is strictly prohibited.

    If you have received this communication in error, please resend this
    communication to the sender and delete the original message or any copy
    of it from your computer system.

    Thank You.

    --
    http://www.freelists.org/webpage/oracle-l
  • Oracle-l-bounce_at_freelists.org at May 16, 2006 at 5:11 pm
    BTW, didn't anyone else have a auditing/security department mandate
    this?

    Larry

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Wolfson Larry -
    lwolfs
    Sent: Tuesday, May 16, 2006 10:45 AM
    To: oracle-l_at_freelists.org
    Subject: Security Message

    One of our clients wants to put out a security message, like the one
    that shows up to a OS user, anytime someone runs sqlplus on a server.

    2 years ago we suggested they use the glogin.sql code to provide this.
    They finally came back and asked us if we could implement it.

    Now we're vacillating between that and using a login trigger to
    do it.
    One advantage of the login trigger is we can identify what programs are
    actually being run against the database and from where.

    Does anyone have a better suggestion or idea(s)?

    TIA
    Larry
    ************************************************************************

    ***
    The information contained in this communication is confidential, is
    intended only for the use of the recipient named above, and may be
    legally privileged.

    If the reader of this message is not the intended recipient, you are
    hereby notified that any dissemination, distribution or copying of this
    communication is strictly prohibited.

    If you have received this communication in error, please resend this
    communication to the sender and delete the original message or any copy
    of it from your computer system.

    Thank You.

    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l
  • Mercadante, Thomas F \(LABOR\) at May 16, 2006 at 5:14 pm
    Larry,

    Just curious. What are you hoping to accomplish here? Why just audit
    sqlplus run on the server?

    Tom

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org

    Sent: Tuesday, May 16, 2006 1:11 PM
    To: Wolfson Larry - lwolfs; oracle-l_at_freelists.org
    Subject: RE: Security Message

    BTW, didn't anyone else have a auditing/security department mandate
    this?

    Larry

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Wolfson Larry -
    lwolfs
    Sent: Tuesday, May 16, 2006 10:45 AM
    To: oracle-l_at_freelists.org
    Subject: Security Message

    One of our clients wants to put out a security message, like the one
    that shows up to a OS user, anytime someone runs sqlplus on a server.

    2 years ago we suggested they use the glogin.sql code to provide this.
    They finally came back and asked us if we could implement it.

    Now we're vacillating between that and using a login trigger to
    do it.
    One advantage of the login trigger is we can identify what programs are
    actually being run against the database and from where.

    Does anyone have a better suggestion or idea(s)?

    TIA
    Larry
    ************************************************************************

    ***
    The information contained in this communication is confidential, is
    intended only for the use of the recipient named above, and may be
    legally privileged.

    If the reader of this message is not the intended recipient, you are
    hereby notified that any dissemination, distribution or copying of this
    communication is strictly prohibited.

    If you have received this communication in error, please resend this
    communication to the sender and delete the original message or any copy
    of it from your computer system.

    Thank You.

    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l

    --
    http://www.freelists.org/webpage/oracle-l
  • Wolfson Larry - lwolfs at May 16, 2006 at 5:20 pm
    Tom,

    It's a mandate from this client's auditing/security groups.

    Actually we're not really auditing anything with this.

    I like the trigger just because we can easily verify what kind of
    programs other than sqlplus are hitting the database.
    Like TOAD, Golden, ACCESS, EXCEL, SQL/Server, etc., etc., etc. Of
    course we can look at listener logs, but if we're already going to do a
    trigger........ And you can turn logging off.

    Larry

    -----Original Message-----
    From: Mercadante, Thomas F (LABOR)

    Sent: Tuesday, May 16, 2006 12:14 PM
    To: Wolfson Larry - lwolfs; oracle-l_at_freelists.org
    Subject: RE: Security Message

    Larry,

    Just curious. What are you hoping to accomplish here? Why just audit
    sqlplus run on the server?

    Tom

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org

    Sent: Tuesday, May 16, 2006 1:11 PM
    To: Wolfson Larry - lwolfs; oracle-l_at_freelists.org
    Subject: RE: Security Message

    BTW, didn't anyone else have a auditing/security department mandate
    this?

    Larry

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of Wolfson Larry -
    lwolfs
    Sent: Tuesday, May 16, 2006 10:45 AM
    To: oracle-l_at_freelists.org
    Subject: Security Message

    One of our clients wants to put out a security message, like the one
    that shows up to a OS user, anytime someone runs sqlplus on a server.

    2 years ago we suggested they use the glogin.sql code to provide this.
    They finally came back and asked us if we could implement it.

    Now we're vacillating between that and using a login trigger to
    do it.
    One advantage of the login trigger is we can identify what programs are
    actually being run against the database and from where.

    Does anyone have a better suggestion or idea(s)?

    TIA
    Larry
    ************************************************************************

    ***
    The information contained in this communication is confidential, is
    intended only for the use of the recipient named above, and may be
    legally privileged.

    If the reader of this message is not the intended recipient, you are
    hereby notified that any dissemination, distribution or copying of this
    communication is strictly prohibited.

    If you have received this communication in error, please resend this
    communication to the sender and delete the original message or any copy
    of it from your computer system.

    Thank You.

    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedMay 16, '06 at 4:55p
activeMay 16, '06 at 5:20p
posts6
users3
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase