RE: SQL audit
From: Job Miller <jobmiller_at_yahoo.com>
Date: Tue, 22 Dec 2009 12:22:01 -0800 (PST)
Message-ID: <931886.21438.qm_at_web53902.mail.re2.yahoo.com>
On the original question of auditing SQL, I have heard of environments that use a simple FGA policy on all application data tables that checks the user and potentially other attributes of the session context and audits all access/insert/update/delete of application data in those tables from db accounts other than the apps user using the application on the app server machines.
Date: Tue, 22 Dec 2009 12:22:01 -0800 (PST)
Message-ID: <931886.21438.qm_at_web53902.mail.re2.yahoo.com>
On the original question of auditing SQL, I have heard of environments that use a simple FGA policy on all application data tables that checks the user and potentially other attributes of the session context and audits all access/insert/update/delete of application data in those tables from db accounts other than the apps user using the application on the app server machines.
as someone indicated, various aspects of that can be spoofed, BUT, it doesn't take a lot of coding to create an FGA policy that audits app access for insert/update/delete from accounts other than the apps user and captures the SQL, host, client, etc of where the connection came from.
check the docs/google for examples of Fine Grained Auditing.
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Dec 22 2009 - 14:22:01 CST