| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Is the client IP address available
In 8.1.5 you can SELECT SYS_CONTEXT('USERENV','IP_ADDRESS') FROM DUAL to get your client's ip address.
Eugene Firyago <efiryago_at_bisys.com> wrote in message
news:8bqi5p$ss0$1_at_bob.news.rcn.net...
> Check with Oracle8i (8.1.6) Supplied Packages Reference for the UTL_TCP
> package.
>
> Eugene.
>
> Billy Verreynne <vslabs_at_onwe.co.za> wrote in message
> news:8bqaic$fep$1_at_ctb-nnrp1.saix.net...
> > Kevin Wise wrote in message <8booah$ia6$1_at_schbbs.mot.com>...
> > >Is there any way to determine the IP address of the client from PL/SQL
or
> > >Java? I am trying to write a trigger that records the IP address where
> > >certain changes are coming from. Thanks!
> >
> >
> > My guess is no. If you're lucky, the client may specify an ip address in
the
> > connection string that you can pick up in V$SESSIONS - e.g. Cognus'
> > Impromptu tool used to do (still does?) this.
> >
> > On NT for example, the domain (or workgroup) and NetBIOS name of the
machine
> > is specified (a feature of SQL*Net/Net8 on NT I believe).
> >
> > But there are several problems doing this type of thing.
> >
> > Not all clients specify the same type of connection strings, which
renders
> > the machine column in V$SESSION inconsistent. To access the V$SESSION
table
> > requires DBA privs which may not be a good idea to grant for the owner
of
> > the trigger.
> >
> > Then there's the concept of using IP addresses - an ip address is very
> > easily changed or spoofed. This can not be used to try and identify the
> > machine who originated the change in data in Oracle. A better "address"
is
> > the physical Mac address of the network card. But even then, it is very
easy
> > to walk into the office, slap in a network card from home into the PC
and
> > then change Oracle data to your heart's content without the slightest
fear
> > in being traced.
> >
> > IMHO, logging ip addresses may seem like a good idea, but it a waste of
time
> > and resources and seldom achieve anything. Especially if the plan is to
use
> > this for auditing and security purposes. It is really not difficult
hitting
> > a target machine with a DoS attack and then spoofing that machine's IP
> > address. Even ordinary users in your organisation can do this by simply
> > downloading the right "tools" from the web (speaking here from personal
> > experiences).
> >
> > Remember, that Oracle provides extensive security. It's a good idea to
use
> > it. The operating system Oracle runs on (be it NT or Unix) also provides
> > security. Use it. If network security is critical, then use a firewall
to
> > protect your servers. If you need a middle layer between the client and
the
> > server, then use 3 tier architecture and an application server that
plays
> > cop.
> >
> > Security is often an afterthought in database design and client-server
> > implementations. And to be honest (without knowing the details of why
you
> > want to do this), recording ip addresses -sounds- to me a lot like a
mere
> > security afterthought.
> >
> > My crazed thoughts on the subject anyway... :-)
> >
> > regards,
> > Billy
> >
> >
> >
>
>
Received on Wed Mar 29 2000 - 00:00:00 CST
 |
 |