Re: DB link Secureness
Date: Thu, 10 Dec 2020 09:39:25 -0600
Message-ID: <CAANsBX2cfq_QGC2m_xg8VubwknJ2Wo7ke_FN2zOQ-CBO-9PurA_at_mail.gmail.com>
You might want to consider creating multiple triggers on just the schemas
needing to be audited/secured. If someone were to accidentally
delete/truncate that security table, well, it would be bad. I would always
have at least one way into the database that didn't rely on that trigger
firing.
My $.02,
On Thu, Dec 10, 2020 at 9:07 AM Lok P <loknath.73_at_gmail.com> wrote:
> Hi, we are on the 11.2.0.4 version of Oracle. I have been a bit confused
Rich
> about working on the public VS private DB links. But recently, we have a
> security audit requirement in which it's required to block the login of
> users from other hosts except the defined ones through the DB link user
> login account. Team is coming up with the below trigger to handle this, for
> which we will insert all possible legitimate "HOST Name" and "DB link
> username" entries manually in a table "DB_LINK_USERS", and then below
> trigger will ensure the login from valid hosts.
>
> We are trying to understand if this solution is okay considering it will
> be fired in each and every login and if it will have any significant
> performance overhead. Or any other way we should cater this need?
>
> CREATE OR REPLACE TRIGGER SYSTEM.LOGON_DENY
>
> AFTER LOGON ON DATABASE
> DECLARE
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Dec 10 2020 - 16:39:25 CET