  Oracle restrict certain IP, the malicious user actions on important table
     
  Add Date : 2018-11-21      
         
         
         
  1. Description of the problem

By default, Oracle does not restrict accounts by IP address. The risk is that anyone who knows an Oracle account name and password can operate on the database as long as they can connect to it. For a production database this is very dangerous: non-DBA staff such as developers and testers may accidentally delete rows of production data, with painful results. After some investigation, the approach found was to add triggers on a few important tables to restrict which users can operate on the production tables.

2. Writing the trigger
Turning on global SQL auditing costs too much performance and is not appropriate. The goal is only to put some restrictions on a few important tables, and the approach below initially solves the problem.

1) Verify the IP: sys_context('userenv', 'ip_address') not in ('192.168.120.211')

2) Verify the user name: select s.USERNAME into v_username from v$session s where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2

3) A sample trigger is as follows:

create or replace trigger pri_stu_test_limit
  before update or delete or insert on stu.zzz_test
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_username varchar2(200) default '';
BEGIN
  -- Look up the user name of the current session
  select s.USERNAME into v_username from v$session s
   where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2;

  -- Reject the statement when the client IP is not in the allowed list
  -- or the session user matches 'stuuser'
  IF deleting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not delete the table');
  ELSIF inserting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not insert the table');
  ELSIF updating
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not update the table');
  END IF;
END;
/
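A variant of the trigger above, added here as an example and not part of the original article. It reads the session user from sys_context instead of v$session (so the trigger owner needs no grant on v$session), and it handles the case where ip_address is NULL for a local connection, which the `not in` test above evaluates to NULL and therefore lets through. The trigger name pri_stu_test_limit_v2, the 'LOCAL' marker and the upper-cased comparison against 'STUUSER' are assumptions made for this example.

```sql
-- Added example: same allow-list policy as the article's trigger,
-- on the article's table stu.zzz_test. Trigger name is hypothetical.
create or replace trigger stu.pri_stu_test_limit_v2
  before insert or update or delete on stu.zzz_test
declare
  -- ip_address is NULL for local (non-network) connections; map it to a
  -- marker so the NOT IN test below yields TRUE instead of NULL.
  v_ip   varchar2(64)  := nvl(sys_context('userenv', 'ip_address'), 'LOCAL');
  -- session_user is the logged-in database user; no v$session query needed.
  v_user varchar2(128) := sys_context('userenv', 'session_user');
  v_op   varchar2(6);
begin
  -- Block when the client IP is outside the allowed list, or when the
  -- session belongs to the restricted account (assumed to be STUUSER).
  if v_ip not in ('192.168.120.211') or upper(v_user) = 'STUUSER' then
    v_op := case
              when inserting then 'insert'
              when updating  then 'update'
              else 'delete'
            end;
    raise_application_error(-20001, 'can not ' || v_op || ' the table');
  end if;
end;
/
```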

3. Verification:
SQL> insert into stu.zzz_test values (3, 'zhuren33');
insert into stu.zzz_test values (3, 'zhuren33')
ORA-20001: can not insert the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 18
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL> update stu.zzz_test set remark = 'zhuren33_up' where id = 3;
update stu.zzz_test set remark = 'zhuren33_up' where id = 3
ORA-20001: can not update the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 22
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL> delete from stu.zzz_test where id = 3;
delete from stu.zzz_test where id = 3
ORA-20001: can not delete the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 14
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete
SQL>

OK, inserts, updates and deletes can now be blocked. This should be a temporary solution to the problem; there are still many issues that need follow-up to solve together.
     
         
         
         