Home » RDBMS Server » Security » Configure Oracle database to display a warning banner (Database 11.2.0.4 on Linux and Windows 2008)
Configure Oracle database to display a warning banner [message #656600] Wed, 12 October 2016 08:48 Go to next message
youngb912
Messages: 53
Registered: October 2007
Location: New York
Member
I need to have our databases display warning messages whenever a user connect. This should be applicable whether the connection is from SQLPlus, or other tools such as SQL Developer. Is this possible? The message will be something like this -

This system contains proprietory information.
- Users' actions are monitored and audited.
- Unauthorized use of the system is prohibited.

Versions:
11.2.0.4
Redhat Linux and Windows 2008

/forum/fa/13283/0/


[mod-edit: message inserted into message body by bb]

[Updated on: Wed, 12 October 2016 15:12] by Moderator

Report message to a moderator

Re: Configure Oracle database to display a warning banner [message #656601 is a reply to message #656600] Wed, 12 October 2016 09:02 Go to previous messageGo to next message
BlackSwan
Messages: 25741
Registered: January 2009
Location: SoCal
Senior Member
The Oracle database has NO generic way to "display" anything to end user using any/every client software.
Re: Configure Oracle database to display a warning banner [message #656603 is a reply to message #656601] Wed, 12 October 2016 09:21 Go to previous messageGo to next message
youngb912
Messages: 53
Registered: October 2007
Location: New York
Member
Thanks for the quick response. I am using this would have to be done at the application level. Do you agreed with my assumption?
Re: Configure Oracle database to display a warning banner [message #656604 is a reply to message #656603] Wed, 12 October 2016 09:47 Go to previous messageGo to next message
BlackSwan
Messages: 25741
Registered: January 2009
Location: SoCal
Senior Member
youngb912 wrote on Wed, 12 October 2016 07:21
Thanks for the quick response. I am using this would have to be done at the application level. Do you agreed with my assumption?
SQLPLUS & SQL Developer have NOTHING to do with application level; along with any other SQL client software.

BTW on my Production Oracle DBs, I am the only person who can log into the DB not using the application software.
Re: Configure Oracle database to display a warning banner [message #656605 is a reply to message #656600] Wed, 12 October 2016 09:50 Go to previous messageGo to next message
Solomon Yakobson
Messages: 2687
Registered: January 2010
Location: Connecticut, USA
Senior Member
Yes, it is possible. You can create after login trigger or, for example, limit connections to your mid-tier server. There are possibly many more solutions.

SY.
Re: Configure Oracle database to display a warning banner [message #656606 is a reply to message #656605] Wed, 12 October 2016 10:27 Go to previous messageGo to next message
cookiemonster
Messages: 12954
Registered: September 2008
Location: Rainy Manchester
Senior Member
I don't see how you can use a login trigger to display a warning. Stop the user logging on, sure.
Re: Configure Oracle database to display a warning banner [message #656615 is a reply to message #656606] Wed, 12 October 2016 14:19 Go to previous messageGo to next message
Solomon Yakobson
Messages: 2687
Registered: January 2010
Location: Connecticut, USA
Senior Member
You are right, I missed part session stays connected.

SY.
Re: Configure Oracle database to display a warning banner [message #656657 is a reply to message #656600] Thu, 13 October 2016 10:18 Go to previous messageGo to next message
youngb912
Messages: 53
Registered: October 2007
Location: New York
Member
I was able to find a solution which I will test this week. It involves an Oracle Call Interface (oci) where the database user receives the warning message when authenticating or connecting to a front-end system that includes or covers the Oracle DBMS. It involves adding the following lines to the sqlnet.ora file:

SEC_USER_AUDIT_ACTION_BANNER = [banner file location/directory]
SEC_USER_UNAUTHORIZED_ACCESS_BANNER = [banner file/directory]
Re: Configure Oracle database to display a warning banner [message #656663 is a reply to message #656657] Thu, 13 October 2016 14:00 Go to previous messageGo to next message
Michel Cadot
Messages: 65249
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Thanks, this is indeed something interesting which works well in SQL*Plus.
I added these 2 lines to sqlnet.ora:
SEC_USER_AUDIT_ACTION_BANNER=C:\SEC_USER_AUDIT_ACTION_BANNER.txt
SEC_USER_UNAUTHORIZED_ACCESS_BANNER=C:\SEC_USER_UNAUTHORIZED_ACCESS_BANNER.txt
Each file contains only one line:
This is from <parameter name>.
Then I restart the database and:
SQL> connect michel/michel

This is from SEC_USER_UNAUTHORIZED_ACCESS_BANNER.



This is from SEC_USER_AUDIT_ACTION_BANNER.


Connected.
SQL> 
For the moment I didn't see how to do it with JDBC programs.

[Updated on: Thu, 13 October 2016 14:24]

Report message to a moderator

Re: Configure Oracle database to display a warning banner [message #656686 is a reply to message #656600] Fri, 14 October 2016 06:38 Go to previous messageGo to next message
EdStevens
Messages: 863
Registered: September 2013
Senior Member
I see you are also posting the same question on OTN - at https://community.oracle.com/thread/3980489

BTW, thank you so much for alerting the world to the fact that you work for a US Government agency. If I were of a certain persuasion, I'd now be pulling out all the stops to find everything about you and backtrack everything I could find about you on the Web, by means fair or foul, looking for a way into your system. Thank you SO much for being so security conscious.

Think I'm over-reacting?

============================================================================
c.d.o.s exchange on security breaches

http://groups.google.com/groups?hl=en&lr=&threadm=3D2D915D.52845DF3%40d2mail.de&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D %26q%3D.mil%26btnG%3DSearch%26meta%3Dgroup%253Dcomp.databases.oracle.server
============================================================================
Re: Configure Oracle database to display a warning banner [message #656691 is a reply to message #656686] Fri, 14 October 2016 08:40 Go to previous messageGo to next message
gazzag
Messages: 906
Registered: November 2010
Location: Bristol, UK
Senior Member
Did OP say they worked for the US government? That's a fairly standard security banner. They could have got it of the internet I guess.
Re: Configure Oracle database to display a warning banner [message #656696 is a reply to message #656663] Fri, 14 October 2016 12:53 Go to previous messageGo to next message
Michel Cadot
Messages: 65249
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
It also works with OCI C program:
C:\>OCIBanner
Setting up the environment...
Connecting...
Connected.
Checking for access and audit banners...
Access banner:

This is from SEC_USER_UNAUTHORIZED_ACCESS_BANNER.

Audit banner:

This is from SEC_USER_AUDIT_ACTION_BANNER.

Disconnecting...
Freeing handles...

C:\>
Code is attached.
(Good exercise for me who did not write OCI C code since last millennium.)

  • Attachment: OCIBanner.c
    (Size: 5.55KB, Downloaded 90 times)

[Updated on: Fri, 14 October 2016 14:43]

Report message to a moderator

Re: Configure Oracle database to display a warning banner [message #656724 is a reply to message #656691] Sat, 15 October 2016 21:13 Go to previous messageGo to next message
EdStevens
Messages: 863
Registered: September 2013
Senior Member
gazzag wrote on Fri, 14 October 2016 08:40
Did OP say they worked for the US government? That's a fairly standard security banner. They could have got it of the internet I guess.
It does say "may contain U.S. Government information." (Emphasis mine)

I guess it's possible his local public library could use such verbiage on their site, but I rather doubt it.
Re: Configure Oracle database to display a warning banner [message #656727 is a reply to message #656696] Sun, 16 October 2016 00:49 Go to previous message
Michel Cadot
Messages: 65249
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

Of course, as already said and like PRODUCT_USER_PROFILE, the application should be aware of this and is willing to read and display the messages.

Previous Topic: Access to Public Synonym
Next Topic: How to connect Oracle 8 client to 11gR2 when using network data encryption
Goto Forum:
  


Current Time: Mon Dec 11 01:06:19 CST 2017

Total time taken to generate the page: 0.01151 seconds