  Oracle: restricting operations on important tables by IP address and user
     
  Add Date : 2018-11-21      
         
         
         
  1. Description of the problem

By default, Oracle places no IP restriction on accounts. The risk is that anyone who knows an Oracle account name and password, and can connect to the database, can operate on it. For a production database this is very dangerous: non-DBA staff such as developers or testers can accidentally delete production data, with consequences too painful to contemplate. After some investigation, I found one approach: add triggers on certain important tables to limit which users can operate on the production tables.

2. Writing the trigger
Enabling global SQL auditing consumes too much performance, so it is not appropriate here. The aim is only to place restrictions on a few important tables, which solves the problem for now.

1) Verify the IP: sys_context('userenv', 'ip_address') not in ('192.168.120.211')

2) Verify the user name: select s.USERNAME into v_username from v$session s where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2

3) The sample trigger is as follows:

create or replace trigger pri_stu_test_limit
  before update or delete or insert on stu.zzz_test
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_username varchar2(200) default '';
BEGIN
  -- Look up the database user name of the current session.
  -- v$session.USERNAME holds the name as stored in the data dictionary,
  -- so the case of the literal compared below must match it.
  select s.USERNAME into v_username from v$session s
   where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2;

  -- Reject the statement when the client IP is not the allowed address
  -- or the session belongs to the restricted user.
  IF deleting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not delete the table');
  ELSIF inserting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not insert the table');
  ELSIF updating
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not update the table');
  END IF;
END;
/

3. Verification:
SQL>
SQL> insert into stu.zzz_test values (3, 'zhuren33');
insert into stu.zzz_test values (3, 'zhuren33')
ORA-20001: can not insert the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 18
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL>
SQL> update stu.zzz_test set remark = 'zhuren33_up' where id = 3;
update stu.zzz_test set remark = 'zhuren33_up' where id = 3
ORA-20001: can not update the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 22
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL>
SQL> delete from stu.zzz_test where id = 3;
delete from stu.zzz_test where id = 3
ORA-20001: can not delete the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 14
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete
SQL>

OK, inserts, updates and deletes can now be blocked. This should be treated as a temporary solution to the problem; many issues remain that need follow-up work to solve.
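
A variant of the trigger in section 2, as an added example that is not from the original article: it reads the user from sys_context instead of v$session, treats a NULL ip_address (which Oracle reports for local, non-network sessions, and which makes the NOT IN test evaluate to NULL so the IF branch is skipped) as not allowed, and records every rejected statement. The log table stu.zzz_test_block_log, the trigger name pri_stu_test_limit_v2 and the uppercase account name STUUSER are assumptions.

```sql
-- Added example; stu.zzz_test_block_log and pri_stu_test_limit_v2 are
-- hypothetical names, not objects from the article.
CREATE TABLE stu.zzz_test_block_log (
  blocked_at TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user    VARCHAR2(128),
  ip_address VARCHAR2(64),
  os_user    VARCHAR2(128),
  action     VARCHAR2(10)
);

CREATE OR REPLACE TRIGGER stu.pri_stu_test_limit_v2
  BEFORE INSERT OR UPDATE OR DELETE ON stu.zzz_test
DECLARE
  -- Autonomous so the log row is committed even though the DML is rejected.
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_user   VARCHAR2(128) := UPPER(SYS_CONTEXT('userenv', 'session_user'));
  -- ip_address is NULL for local (non-network) sessions; map it to a marker
  -- so the NOT IN test below is TRUE or FALSE, never NULL.
  v_ip     VARCHAR2(64)  := NVL(SYS_CONTEXT('userenv', 'ip_address'), 'LOCAL');
  v_action VARCHAR2(10);
BEGIN
  IF DELETING THEN
    v_action := 'delete';
  ELSIF INSERTING THEN
    v_action := 'insert';
  ELSE
    v_action := 'update';
  END IF;

  -- Same rule as the article: only 192.168.120.211 may change the table,
  -- and the restricted account (assumed stored as STUUSER) never may.
  IF v_ip NOT IN ('192.168.120.211') OR v_user = 'STUUSER' THEN
    INSERT INTO stu.zzz_test_block_log (db_user, ip_address, os_user, action)
    VALUES (v_user, v_ip, SYS_CONTEXT('userenv', 'os_user'), v_action);
    COMMIT;  -- ends the autonomous transaction only, not the caller's
    RAISE_APPLICATION_ERROR(-20001, 'can not ' || v_action || ' the table');
  END IF;
END;
/
```

This is meant to replace the original trigger rather than run beside it. Add 'LOCAL' to the allowed list if sessions opened on the database server itself should keep write access.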
     
         
         
         