Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Database \ Oracle restrict certain IP, the malicious user actions on important table     - Reset CentOS / RHEL root account password 7 (Linux)

- Why not use the ifconfig command under RedHat Linux 5 (Linux)

- Fedora10 use Git version Configuration Management (Linux)

- Python 2.7.9 Installation on Linux CentOS 6.6 (Linux)

- SecureCRT in Python scripting study guide (Programming)

- Linux unpack the tar file to a different directory (Linux)

- Linux screen command (Linux)

- Use Makeself Create installation file (Linux)

- Based shell: using read, the command-line script to achieve mass participation and input two integer calculation (Programming)

- Android studio multi-channel ultra-compact version of the package (Programming)

- Linux centralized log server rsyslog (Server)

- Ubuntu 15.04 installed Nvidia Quadro series graphics driver (Linux)

- How to extend / remove swap partitions (Linux)

- Using RAID in Linux: Create a RAID 5 (Linux)

- PHP parsing algorithm of the interview questions (Programming)

- Hadoop 2.6.0 standalone configuration and pseudo-distributed configuration under Ubuntu 14.04 (Server)

- Oracle 11g 10g induced into error (Database)

- Use Ansible installation NGINX and NGINX Plus (Server)

- Web cache basics: terminology, HTTP headers, and caching policies (Server)

- Ubuntu 14.10 / 14.04 how to install Quick Start tool Mutate 2.2 (Linux)

 
         
  Oracle restrict certain IP, the malicious user actions on important table
     
  Add Date : 2018-11-21      
         
         
         
  1. Description of the problem

Oracle is no limit ip default account of such risks is that, if I know the oracle user account name and password, as long as I can connect to the db, db you can operate, so for db line is very dangerous because some of the non-dba staff, such as developers, testers accidentally removed a data line, miserable, pit too afraid to look. Therefore, investigation of the investigation, to find a way to add some important trigger on the table to limit the user to operate the line db table.

2, the trigger write
If the open global sql audit, consume too much performance, is not appropriate, and only want to come in on the table to do some important limitations, has initially solved the problem.

1) Verify ip: (sys_context ( 'userenv', 'ip_address') not in ( '192.168.120.211')

2) Verify the user name: selects.USERNAME into v_username from v $ session s where s.audsid = (selectuserenv ( 'SESSIONID') from dual) and rownum <2

3) sample stored procedure is as follows:

create or replace triggerpri_stu_test_limit

 before update or delete or insert on stu.zzz_test

DECLARE

  PRAGMA AUTONOMOUS_TRANSACTION;

  v_username varchar2 (200) default '';

BEGIN

 

 select s.USERNAME into v_username from v $ session s wheres.audsid = (select userenv ( 'SESSIONID') from dual) and rownum <2;

 

  IFdeleting

  AND (sys_context ( 'userenv', 'ip_address') not in ( '192.168.120.211') OR 'stuuser' like v_username)

      THEN

  RAISE_APPLICATION_ERROR (-20001, 'can not delete the table');

 ELSIF inserting

  AND (sys_context ( 'userenv', 'ip_address') not in ( '192.168.120.211') OR 'stuuser' like v_username)

  THEN

  RAISE_APPLICATION_ERROR (-20001, 'can not insert the table');

 ELSIF updating

  AND (sys_context ( 'userenv', 'ip_address') not in ( '192.168.120.211') OR 'stuuser' like v_username)

  THEN

  RAISE_APPLICATION_ERROR (-20001, 'can not update the table');

  END IF;

END;

3. Verification:
SQL>

SQL> insert into stu.zzz_testvalues ​​(3, 'zhuren33');

insert into stu.zzz_testvalues ​​(3, 'zhuren33')

ORA-20001: can not insert the table

ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 18

ORA-04088: error during execution oftrigger 'stuuser.PRI_STU_ACCT_LIMIT'

SQL> commit;

Commit complete

 

SQL>

SQL> update stu.zzz_test setremark = 'zhuren33_up' where id = 3;

update stu.zzz_test setremark = 'zhuren33_up' where id = 3

ORA-20001: can not update the table

ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 22

ORA-04088: error during execution oftrigger 'stuuser.PRI_STU_ACCT_LIMIT'

SQL> commit;

Commit complete

 

SQL>

SQL> delete from stu.zzz_test where id = 3;

delete from stu.zzz_test where id = 3

ORA-20001: can not delete the table

ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 14

ORA-04088: error during execution oftrigger 'stuuser.PRI_STU_ACCT_LIMIT'

SQL> commit;

Commit complete

SQL>

OK additions and deletions can be locked, it should be a temporary solution to the problem, there are still many issues that need follow-up together to solve.
     
         
         
         
  More:      
 
- How to publish projects to the Jcenter repository using Gradle in Android Studio (Programming)
- Single-node Hadoop installation notes distributed pseudo & (Server)
- MariaDB database storage path modify configuration issues (Database)
- MongoDB fragmentation (Cluster) (Database)
- Understanding the type in C ++ bitset (Programming)
- Based kubernetes Construction Docker Cluster Management Comments (Server)
- Apache Mina framework Practice (Programming)
- Use SecureCRT to transfer files between local and remote hosts (Linux)
- Manually compile Hadoop 2.6.0 under Ubuntu 14.04 (Server)
- Effective Java - lazy initialization (Programming)
- Linux static library generated Guide (Programming)
- Linux system started to learn: how to view the contents of the seed on the Linux file (Linux)
- Linux system on how to use rsync to synchronize data (Server)
- How to install Nginx on FreeBSD 10.2 as an Apache reverse proxy (Server)
- RHEL (RedHat) 6.3 using EPEL Yum source (Linux)
- Linux system boot process detail (Linux)
- ADSL router to defend their own network security methods (Linux)
- Configuring DNS process under CentOS 6.5 (Server)
- How to upgrade to Ubuntu 14.04 Ubuntu 14.10 (Linux)
- DVD production using CentOS installation source within the company Yum (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.