Re: Turn Audit to Monitor Logins

From: Tim Gorman <tim_at_evdbt.com>
Date: Fri, 05 Dec 2008 12:32:18 -0700
Message-ID: <493981C2.4090705@evdbt.com>

Yikes! Possibly a good time to revoke SELECT on the DBA_AUDIT_* views from roles like SELECT_CATALOG_ROLE, or perhaps just create and use new roles similar to SELECT_CATALOG_ROLE without privileges on the audit trail views?

Thanks Jared!

Jared Still wrote:

On Fri, Dec 5, 2008 at 9:27 AM, Nagaraj S <nagaraj.chk@gmail.com> wrote:

This audit is intended to find out who logins to the user repeatedly and unsuccessfully that caused the account to be locked in more than one occasions." Please help me on this

A recently discovered (in one of our databases) drawback to auditing logon sessions:

Have you every inadvertently typed your password in to the username field of a form?

Guess what shows up in dba_audit_session.username when that is done to an oracle
database with logon auditing enabled?

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

-- http://www.freelists.org/webpage/oracle-l Received on Fri Dec 05 2008 - 13:32:18 CST

This message: [ Message body ]
Next message: Bort, Guillermo: "RE: strange temporary segment names"
Previous message: Sebasti�o Carlos: "ASM Question"
Next in thread: Yong Huang: "Re: Turn Audit to Monitor Logins"
Maybe reply: Jared Still: "Re: Turn Audit to Monitor Logins"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message