Re: Sarbanes-Oxley

From: DA Morgan <damorgan_at_x.washington.edu>
Date: Sat, 30 Oct 2004 08:46:34 -0700
Message-ID: <1099151135.942655@yasure>

Noons wrote:

> DA Morgan <damorgan_at_x.washington.edu> wrote in message news:<1099101690.698157_at_yasure>...
>
>
>

>>I did. But how is that going to catch someone logging in from SQL*Plus?
>>I don't just need to know they are there ... I need to know what they
>>are doing. I think it impossible but that doesn't mean someone out there
>>doesn't know how to do it.
>>

>
>
> I'm not 100% sure, but the Oracle login auditing in V7 did list which
> terminal a logo came from, when, for how long, who, and which
> program was used to login. It needs to be maaged carefully because
> of sizes, but it used to be reasonably comprehensive. Dunno for sure,
> it's been >7 years since my last v7...
>
> As for SQL*Plus, the PUPBLD stuff has been active since V6
> so if the problem is security, it can be used to stop users
> doing wrong things. For other logging though, it is short...

The misery is that Oracle intentionally never audited SYS or INTERNAL on the basis that if something went wrong with the auditing you couldn't get into the database as SYS or INTERNAL to fix it.

Any solution that doesn't as Pete suggests come from outside the database risks creating this same nightmare.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)

Received on Sat Oct 30 2004 - 10:46:34 CDT