Re: Audit for program at login time

From: Jared Still <jkstill_at_gmail.com>
Date: Tue, 11 Mar 2008 16:14:04 -0700
Message-ID: <bf46380803111614x6c5718b0m96604699a3ed0b89@mail.gmail.com>

This information might be good for troubleshooting, or determining how legitimate
users access the database.

Keep in mind that the value in v$session.program is easily spoofed by any user
with nefarious purposes simply by renaming the executable.

eg. C:> move toad.exe sqlplus.exe

Something that anyone with ill intent is likely to know about.

On Tue, Mar 11, 2008 at 12:41 PM, Mary Elizabeth McNeely < mary_mcneely_at_yahoo.com> wrote:

> Hello all,
>
> I am tasked with auditing who accesses the database with what program
> (equivalent of v$session.program) upon database login. I can get everything
> I want into the audit trail by using "audit connect", except the equivalent
> of v$session.program.
>
> (a) Does anyone know of a supported way to push the program information
> into sys.aud$, and if not,
>
> (b) Does anyone know of a way to accomplish this other than a login
> trigger? Any sample code available?
>
> Thanks in advance for any hints you can offer.
>
> Mary Elizabeth McNeely
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Mar 11 2008 - 18:14:04 CDT

This message: [ Message body ]
Next message: Jared Still: "Re: PL/SQL code to create dBase IV file"
Previous message: Jeffery Thomas: "Clufvy and private interconnects"
In reply to: Mary Elizabeth McNeely: "Audit for program at login time"
Next in thread: Yechiel Adar: "Re: Audit for program at login time"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message