Re: DB link Secureness

From: Rich J <rich242j_at_gmail.com>
Date: Thu, 10 Dec 2020 09:39:25 -0600
Message-ID: <CAANsBX2cfq_QGC2m_xg8VubwknJ2Wo7ke_FN2zOQ-CBO-9PurA_at_mail.gmail.com>

You might want to consider creating multiple triggers on just the schemas needing to be audited/secured. If someone were to accidentally delete/truncate that security table, well, it would be bad. I would always have at least one way into the database that didn't rely on that trigger firing.

My $.02,
Rich

On Thu, Dec 10, 2020 at 9:07 AM Lok P <loknath.73_at_gmail.com> wrote:

> Hi, we are on the 11.2.0.4 version of Oracle. I have been a bit confused
> about working on the public VS private DB links. But recently, we have a
> security audit requirement in which it's required to block the login of
> users from other hosts except the defined ones through the DB link user
> login account. Team is coming up with the below trigger to handle this, for
> which we will insert all possible legitimate "HOST Name" and "DB link
> username" entries manually in a table "DB_LINK_USERS", and then below
> trigger will ensure the login from valid hosts.
>
> We are trying to understand if this solution is okay considering it will
> be fired in each and every login and if it will have any significant
> performance overhead. Or any other way we should cater this need?
>
> CREATE OR REPLACE TRIGGER SYSTEM.LOGON_DENY
>
> AFTER LOGON ON DATABASE
>
> DECLARE
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Dec 10 2020 - 16:39:25 CET

This message: [ Message body ]
Next message: Rich J: "Re: Questions about SQL*Developer CLI for exporting data"
Previous message: Noveljic Nenad: "RE: Questions about SQL*Developer CLI for exporting data"
In reply to Lok P: "DB link Secureness"
Next in thread: Lok P: "Re: DB link Secureness"
Reply: Lok P: "Re: DB link Secureness"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message