Received: (qmail 14795 invoked from network); 11 Jan 2010 13:40:12 -0600 Received: from freelists-180.iquest.net (HELO turing.freelists.org) (206.53.239.180) by static-ip-85-25-126-90.inaddr.intergenia.de with SMTP; 11 Jan 2010 13:40:03 -0600 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 70AD7CC6FA3; Mon, 11 Jan 2010 14:39:37 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at localhost.localdomain Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FQ0Ga2wU+9KP; Mon, 11 Jan 2010 14:39:37 -0500 (EST) Received: from turing.freelists.org (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 4EB85CC6CF0; Mon, 11 Jan 2010 14:38:57 -0500 (EST) Received: with ECARTIS (v1.0.0; list oracle-l); Mon, 11 Jan 2010 14:38:15 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id B30FCCC6CCC for ; Mon, 11 Jan 2010 14:38:15 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hnGMqCmhEVJb for ; Mon, 11 Jan 2010 14:38:15 -0500 (EST) Received: from mail-pw0-f47.google.com (mail-pw0-f47.google.com [209.85.160.47]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 4A7ACCC6CD9 for ; Mon, 11 Jan 2010 14:38:14 -0500 (EST) Received: by pwj10 with SMTP id 10so1836950pwj.26 for ; Mon, 11 Jan 2010 11:38:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=sdFgtwPPpgU09BX7yUygxFsWCSClsaVRHsF6RPpnow4=; b=T0UDnFmDqN5PMcFGBCkPAIzE+oElow5latkClDuDIsh/eH1pomcw5Mmwlwr8MNx4dk yByRLwW/qS5bAry/zvBQDwtr7qkPeP1CCoSpVEeeb/ETqLgEMg6WO1OgaqNSzqF/kI8M gvQ07dspAaVyr2P/zLjBqe8eK8ythdm342kyU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=lw6Td2rQmRpQjubkX4kIPzYydQ1aNtRVcejPM/GJTOR442EGMJrdoWl3a1QqHjAht8 lAS6XfldbvkVNawC91v0QVAj//yB32ZbbOP/RGKmOQvw2KBditEpxMImzNvl9MvIRyhW YDR97FmtaeITZYGJ8azJ2KyGnpFVVsgdJKr3A= MIME-Version: 1.0 Received: by 10.142.56.21 with SMTP id e21mr13737632wfa.40.1263238694240; Mon, 11 Jan 2010 11:38:14 -0800 (PST) In-Reply-To: <7765c8971001111101v287384c0m1503ad636273f7cc@mail.gmail.com> References: <7765c8971001111101v287384c0m1503ad636273f7cc@mail.gmail.com> Date: Mon, 11 Jan 2010 13:38:14 -0600 Message-ID: Subject: Re: Database comparisons From: Dennis Williams To: Niall Litchfield Cc: oracle-l@freelists.org Content-Type: multipart/alternative; boundary=0016368e1cb3a30134047ce8ad82 X-archive-position: 24441 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: oracledba.williams@gmail.com Precedence: normal Reply-to: oracledba.williams@gmail.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l --0016368e1cb3a30134047ce8ad82 Content-Type: text/plain; charset=ISO-8859-1 Toon, Jared, Robert, Richard, Niall, Thanks for all the excellent suggestions. Obviously I need to describe the app better. This is a vendor-supplied 3-tier application so there are server processes that process requests from the clients. But then my company has extensively modified the application with client customizations. Even though we are testing from a single client, the database will see changes from the server processes as well as through several direct client connections. Yes, we do application validation before applying the changes (client and database) to production. As part of that validation we currently execute the application and then verify the correct data changes were made in the database. Fortunately this application has fewer than 200 tables. The auditor's question was essentially that "you are making changes to table A and verifying those changes, but how do you know the application didn't also change table B". I wasn't involved in the original question that led to the finding. I'm hoping for something that I can set up to screen out the expected data changes to make the unexpected data changes more obvious. I hadn't considered using auditing - thanks Niall for that suggestion. Robert, thanks for the Flashback Version Query suggestion. I'll look into that as well. I should be able to make UNDO large enough. Dennis On Mon, Jan 11, 2010 at 1:01 PM, Niall Litchfield < niall.litchfield@gmail.com> wrote: > Hi, that sounds a bit daft but still wouldn't a db audit trail with > reports periodically sent to the auditor do the job? You know audit > update, insert delete on .... > > On 1/11/10, Dennis Williams wrote: > > List, > > > > We have an audit finding related to data integrity. I'm looking for a way > to > > detect all database changes on a small test database. Fortunately the > > environment is well-contained. Typically when we've made application > > changes, we verify that the data changes are what we expect. The auditors > > are insisting that we somehow verify there aren't unexpected changes in > > other tables. The environment is Oracle 10.2.0.4 on Solaris. I have three > > thoughts: > > > > 1. The test database is freshly loaded from an export. After the tests, > take > > an export and use UNIX "diff" and compare with the import. > > 2. Log Miner, or somehow more directly inspecting the archive logs. > > 3. Use some of the new flashback features to detect changes. This just > > occurred to me and I haven't had time to investigate it. > > > > Has anyone else done anything like this before? > > > > Dennis Williams > > > > -- > Sent from my mobile device > > Niall Litchfield > Oracle DBA > http://www.orawin.info > --0016368e1cb3a30134047ce8ad82 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
=A0
Toon, Jared, Robert, Richard, Niall,
=A0
Thanks for all the excellent suggestions.
=A0
Obviously I need to describe the app better. This is a vendor-supplied= 3-tier application so there are server processes that process requests fro= m the clients. But then my company has extensively modified the application= with client customizations. Even though we are testing from a single clien= t, the database will see changes from the server processes as well as throu= gh=A0several direct client connections.
=A0
Yes, we do application validation before applying the changes (client = and database) to production. As part of that validation we currently=A0exec= ute the application and then verify the correct data changes were made in t= he database. Fortunately this application has fewer than 200 tables.
=A0
The auditor's question was essentially that "you are making c= hanges to table A and verifying those changes, but how do you know the appl= ication didn't also change table B". I wasn't involved in the = original question that led to the finding.
=A0
I'm hoping for something that I can set up to screen out the expec= ted data changes to make the unexpected data changes more obvious.
=A0
I hadn't considered using auditing - thanks Niall for that suggest= ion.
=A0
Robert, thanks for the Flashback Version Query suggestion. I'll lo= ok into that as well. I should be able to make UNDO large enough.
=A0
Dennis

On Mon, Jan 11, 2010 at 1:01 PM, Niall Litchfiel= d <niall= .litchfield@gmail.com> wrote:
Hi, that sounds a bit daft but s= till wouldn't a db audit trail with
reports periodically sent to the= auditor do the job? You know audit
update, insert delete on ....

On 1/11/10, Dennis Williams <oracledba.williams@gmail.com> wrote:
&= gt; List,
>
> We have an audit finding related to data integrit= y. I'm looking for a way to
> detect all database changes on a small test database. Fortunately the<= br>> environment is well-contained. Typically when we've made applic= ation
> changes, we verify that the data changes are what we expect. = The auditors
> are insisting that we somehow verify there aren't unexpected chang= es in
> other tables. The environment is Oracle 10.2.0.4 on Solaris. = I have three
> thoughts:
>
> 1. The test database is fres= hly loaded from an export. After the tests, take
> an export and use UNIX "diff" and compare with the import.> 2. Log Miner, or somehow more directly inspecting the archive logs.<= br>> 3. Use some of the new flashback features to detect changes. This j= ust
> occurred to me and I haven't had time to investigate it.
>> Has anyone else done anything like this before?
>
> Denn= is Williams
>

--
Sent f= rom my mobile device

Niall Litchfield
Oracle DBA
http://www.orawin.info
--0016368e1cb3a30134047ce8ad82-- -- http://www.freelists.org/webpage/oracle-l