  Oracle: restricting operations on important tables by IP address and user
     
  Add Date : 2018-11-21      
         
         
         
  1. Description of the problem

By default, Oracle does not restrict the IP addresses an account can connect from. The risk is that anyone who knows an Oracle user name and password, and can connect to the database, can operate on it. For a production database this is very dangerous: non-DBA staff such as developers and testers can accidentally delete production data, and the consequences are too painful to think about. So, after some investigation, I found one approach: add triggers on a few important tables to limit which users can operate on the production tables.

2. Writing the trigger
Enabling global SQL auditing costs too much performance and is not appropriate here. The aim is only to put some restrictions on a few important tables, which solves the problem for now.

1) Verify the IP: sys_context('userenv', 'ip_address') not in ('192.168.120.211')

2) Verify the user name: select s.USERNAME into v_username from v$session s where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2

3) The sample trigger is as follows:

create or replace trigger pri_stu_test_limit
  before update or delete or insert on stu.zzz_test
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_username varchar2(200) default '';
BEGIN
  -- Look up the user name of the current session.
  -- The trigger owner needs SELECT on v_$session granted directly
  -- (not through a role), otherwise the trigger does not compile.
  select s.USERNAME into v_username
    from v$session s
   where s.audsid = (select userenv('SESSIONID') from dual)
     and rownum < 2;

  -- Reject the statement when the client IP is not the allowed address
  -- or when the session user matches 'stuuser'.
  -- v$session.USERNAME is upper case unless the account was created with
  -- a quoted lower-case name, so the literal must use the stored case.
  IF deleting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not delete the table');
  ELSIF inserting
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not insert the table');
  ELSIF updating
     AND (sys_context('userenv', 'ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not update the table');
  END IF;
END;

3. Verification:

SQL> insert into stu.zzz_test values (3, 'zhuren33');
insert into stu.zzz_test values (3, 'zhuren33')
ORA-20001: can not insert the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 18
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL> update stu.zzz_test set remark = 'zhuren33_up' where id = 3;
update stu.zzz_test set remark = 'zhuren33_up' where id = 3
ORA-20001: can not update the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 22
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL> delete from stu.zzz_test where id = 3;
delete from stu.zzz_test where id = 3
ORA-20001: can not delete the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 14
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete
SQL>

OK, inserts, updates and deletes can now be blocked. This should be treated as a temporary solution to the problem; there are still many issues that need follow-up work to solve.
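
The trigger in section 2 tests sys_context('userenv', 'ip_address') with NOT IN, which evaluates to NULL rather than TRUE when the IP is NULL (as it can be for a local bequeath session on the database server), so such a session passes the IP test. The variant below is an added example, not part of the original article; the trigger name pri_stu_test_limit_v2, the choice to deny NULL-IP sessions, and the upper-case account name 'STUUSER' are assumptions.

```sql
-- Added example: same policy as the article's trigger, with the NULL-IP
-- case decided explicitly. The table, the IP address and the stuuser
-- account come from the article; everything else is hypothetical.
create or replace trigger pri_stu_test_limit_v2
  before insert or update or delete on stu.zzz_test
declare
  -- Client address as seen by the database; can be NULL for sessions
  -- that do not arrive over TCP (for example a local bequeath login).
  v_ip   varchar2(64)  := sys_context('userenv', 'ip_address');
  -- Login name of the session, read without querying v$session,
  -- so no grant on v_$session is needed.
  v_user varchar2(128) := sys_context('userenv', 'session_user');
  v_op   varchar2(10);
begin
  if inserting then
    v_op := 'insert';
  elsif updating then
    v_op := 'update';
  else
    v_op := 'delete';
  end if;

  -- "NULL not in (...)" is NULL, which an IF treats as not true,
  -- so the NULL case needs its own test.
  -- Assumption: sessions without an IP are denied. Remove the
  -- "v_ip is null" test only as a deliberate decision to allow them.
  if v_ip is null
     or v_ip not in ('192.168.120.211')
     -- Assumption: the account was created without a quoted name,
     -- so the dictionary stores it in upper case.
     or v_user = 'STUUSER'
  then
    raise_application_error(-20001, 'can not ' || v_op || ' the table');
  end if;
end;
/
```

A DML trigger fires for every session that touches the table, so confirm which maintenance or scheduled sessions run without an IP address before enabling the NULL test.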
     
         
         
         