Re: code to load tracefile into CLOB?

From: Jeremy Schneider <jeremy.schneider_at_ardentperf.com>
Date: Thu, 18 Aug 2011 10:06:15 -0500
Message-ID: <CA+fnDAYCZw6D_h0G+T81U0mA7aOuGEe4TK8MnUMzAUnS57Ps-Q_at_mail.gmail.com>



Hi Pete - thanks for pointing this out, something I hadn't completely thought through yet (and your blog post covers it well).

In this particular case, anybody with a database login already has the ability to see all of the data. Most access control is done through a middle-tier, and relatively few people actually have database login credentials (mainly developers). And since they would only be able to see files in the bdump or udump directories, they shouldn't be able to manipulate the script to see other OS files which they shouldn't access. So I think that in this particular case, the code wouldn't be opening up a new security risk... but definitely something I'll keep mulling over.

-J

On Thu, Aug 18, 2011 at 9:29 AM, Pete Finnigan <pete_at_petefinnigan.com> wrote:

> Hi Jeremy,
>
> There used to be some free PL/SQL code from Miracle - there is a link
> here http://www.petefinnigan.com/weblog/archives/00000116.htm but it's
> broken. If anyone from Miracle is on the list perhaps they can advise
> whether it's still around or not.
>
> Obviously also think about the security implications of what you are
> doing. When someone creates a trace for a specific purpose that's fine
> but you can also dump lots of other stuff with ALTER SESSION - have a
> look at this http://www.petefinnigan.com/weblog/archives/00001234.htm
> for some ideas.
>
> cheers
>
> Pete
>
> Jeremy Schneider wrote:
> > Just wondering... does anyone out there have a snippet of code that
> > will load a 10046 trace file from bdump or udump into a LOB? Just
> > looking for a quick and dirty way to give some developers access to
> > tracefiles (without requiring unix logins). Didn't see any code samples
> > with a quick google search, so I'm about to code it myself - just
> > thought I'd ask first.
> >
> > -Jeremy
> >
>
> --
>
> Pete Finnigan
> CEO and Founder
> PeteFinnigan.com Limited
>
> Specialists in database security.
>
> Makers of PFCLScan the database security auditing tool.
> Makers of PFCLObfuscate the tool to protect IPR in your PL/SQL
>
> If you need help to audit or secure an Oracle database, please ask for
> details of our training courses and consulting services
>
> Phone: +44 (0)1904 791188
> Fax : +44 (0)1904 791188
> Mob : +44 (0)7759 277220
> email: pete_at_petefinnigan.com
> site : http://www.petefinnigan.com
>
> Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
> Company No : 4664901
> VAT No. : 940668114
>
> Please note that this email communication is intended only for the
> addressee and may contain confidential or privileged information. The
> contents of this email may be circulated internally within your
> organisation only and may not be communicated to third parties without
> the prior written permission of PeteFinnigan.com Limited. This email is
> not intended nor should it be taken to create any legal relations,
> contractual or otherwise.
>
>

-- 
http://www.ardentperf.com
+1 312-725-9249

Jeremy Schneider
Chicago

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Aug 18 2011 - 10:06:15 CDT
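
Added example, not part of the original thread or any poster's code: one way to load a trace file into a CLOB through an Oracle directory object while accepting only a bare trace file name, so the caller cannot steer the read to other OS files. The names TRACE_DIR and load_trace, the directory path and the file-name pattern are assumptions; the check limits which files can be read, not what a trace file contains.

```sql
-- Added example. TRACE_DIR, TRACE_OWNER, DEV_ROLE and load_trace are hypothetical names.
-- One-time setup by a DBA (the path is a placeholder for the udump/bdump location):
--   CREATE DIRECTORY trace_dir AS '/path/to/udump';
--   GRANT READ ON DIRECTORY trace_dir TO trace_owner;   -- owner of the function only
--   GRANT EXECUTE ON trace_owner.load_trace TO dev_role; -- developers get no directory grant

CREATE OR REPLACE FUNCTION load_trace (p_file IN VARCHAR2)
  RETURN CLOB
  AUTHID DEFINER   -- runs with the owner's READ privilege on TRACE_DIR
IS
  l_bfile BFILE;
  l_clob  CLOB;
  l_dest  INTEGER := 1;
  l_src   INTEGER := 1;
  l_ctx   INTEGER := DBMS_LOB.DEFAULT_LANG_CTX;
  l_warn  INTEGER;
BEGIN
  -- Accept only a bare name such as orcl_ora_12345.trc (assumed naming pattern):
  -- no path separators, no "..", no extension other than .trc.
  IF p_file IS NULL
     OR NOT REGEXP_LIKE(p_file, '^[A-Za-z0-9_]+\.trc$')
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'invalid trace file name');
  END IF;

  -- The directory object is fixed in code; the caller never supplies a path.
  l_bfile := BFILENAME('TRACE_DIR', p_file);
  DBMS_LOB.CREATETEMPORARY(l_clob, TRUE);
  DBMS_LOB.FILEOPEN(l_bfile, DBMS_LOB.FILE_READONLY);
  DBMS_LOB.LOADCLOBFROMFILE(
    dest_lob     => l_clob,
    src_bfile    => l_bfile,
    amount       => DBMS_LOB.LOBMAXSIZE,   -- read to end of file
    dest_offset  => l_dest,
    src_offset   => l_src,
    bfile_csid   => DBMS_LOB.DEFAULT_CSID,
    lang_context => l_ctx,
    warning      => l_warn);
  DBMS_LOB.FILECLOSE(l_bfile);
  RETURN l_clob;
EXCEPTION
  WHEN OTHERS THEN
    -- Close the file handle if the load failed part-way, then re-raise.
    IF l_bfile IS NOT NULL AND DBMS_LOB.FILEISOPEN(l_bfile) = 1 THEN
      DBMS_LOB.FILECLOSE(l_bfile);
    END IF;
    RAISE;
END load_trace;
/
```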
