
Re: application sql auditting

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Fri, 28 May 2004 09:33:47 +0100
Message-ID: <WISpYICrlvtARxpD@peterfinnigan.demon.co.uk>


Hi,

You could use SQL Trace; there is a paper on my site in the ramblings section http://www.petefinnigan.com/ramblings/how_to_set_trace.htm that shows many, many ways to turn on SQL trace. Another option is to use SQL*Net trace to capture all of the SQL*Net network packets sent to the database. If you use level 16 (SUPPORT) you will get the SQL in the trace, or use a packet sniffer like snoop for Solaris (choose a tool for your platform) and capture the SQL that way, piping the output through strings. There is an example of both of these in my paper "Detecting SQL Injection on Oracle" at http://www.petefinnigan.com/orasec.htm - or you could try a tool that grabs the OCI function calls, assuming OCI is used. The interface would normally use OCI, sqllib or the thin Java client at its lowest level, even if it's ODBC. There is a tool, OCISPY, that does this for OCI; sqllib bypasses OCI and goes directly to the next layer. OCISPY is not too stable but it might suffice for what you want. There is a link to it on my tools page http://www.petefinnigan.com/tools.htm

hth

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Fri May 28 2004 - 03:33:47 CDT
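
The packet-capture route mentioned in the post (capture the traffic, then pipe it through strings), as an added example that is not part of the original message: a Python equivalent of strings that keeps only the printable runs that look like SQL. The sample bytes, the keyword list and the function names are constructed for illustration; real SQL*Net payloads will look different.

```python
import re

# Runs of printable ASCII at least MIN_LEN long, the same idea as strings(1).
MIN_LEN = 6
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)

# Statement keywords worth keeping for an audit trail (assumed list, extend as needed).
SQL_START = re.compile(
    r"\b(select|insert|update|delete|merge|begin|declare|call|"
    r"alter|create|drop|grant)\b",
    re.IGNORECASE,
)

# Constructed sample: binary framing bytes around two statements and a
# connect descriptor. This is not a real capture.
SAMPLE = (
    b"\x00\x5a\x00\x00\x06\x00\x00\x00\x03\x01"
    b"SELECT ename, sal FROM emp WHERE empno = :1"
    b"\x00\x01\x00\x00"
    b"JDBC"  # shorter than MIN_LEN, so it is dropped like strings would
    b"\x02\x00"
    b"xQ update emp set sal = sal * 1.1 where deptno = 10"
    b"\x00\x00"
    b"(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db.example)(PORT=1521)))"
    b"\x00"
)


def printable_runs(data: bytes):
    """Yield decoded printable runs, like `strings -n MIN_LEN`."""
    for match in PRINTABLE_RUN.finditer(data):
        yield match.group().decode("ascii")


def extract_sql(data: bytes):
    """Return SQL-looking statements found in raw captured bytes, in order."""
    found = []
    for run in printable_runs(data):
        match = SQL_START.search(run)
        if match:
            # Drop framing bytes that happened to be printable before the
            # keyword, and collapse whitespace so statements compare cleanly.
            found.append(" ".join(run[match.start():].split()))
    return found


if __name__ == "__main__":
    for statement in extract_sql(SAMPLE):
        print(statement)
```

The keyword match is a heuristic: it will also keep non-SQL text that happens to contain one of the keywords, so review the output rather than treating it as a complete audit log.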
