Re: Is the client IP address available
This is exactly what I need. Thanks!
BTW, for those of you worried about security, I do not intend to use the IP
address for security; rather I am trying to produce a tool which will broadcast
messages to all users currently logged into the server...
This should do the trick.
Kevin
Mike Morgan wrote:
> In 8.1.5 you can SELECT SYS_CONTEXT('USERENV','IP_ADDRESS') FROM DUAL to get
> your client's ip address.
>
> Eugene Firyago <efiryago_at_bisys.com> wrote in message
> news:8bqi5p$ss0$1_at_bob.news.rcn.net...
> > Check with Oracle8i (8.1.6) Supplied Packages Reference for the UTL_TCP
> > package.
> >
> > Eugene.
> >
> > Billy Verreynne <vslabs_at_onwe.co.za> wrote in message
> > news:8bqaic$fep$1_at_ctb-nnrp1.saix.net...
> > > Kevin Wise wrote in message <8booah$ia6$1_at_schbbs.mot.com>...
> > > >Is there any way to determine the IP address of the client from PL/SQL or
> > > >Java? I am trying to write a trigger that records the IP address where
> > > >certain changes are coming from. Thanks!
> > >
> > >
> > > My guess is no. If you're lucky, the client may specify an ip address in the
> > > connection string that you can pick up in V$SESSIONS - e.g. Cognos'
> > > Impromptu tool used to do (still does?) this.
> > >
> > > On NT for example, the domain (or workgroup) and NetBIOS name of the machine
> > > is specified (a feature of SQL*Net/Net8 on NT I believe).
> > >
> > > But there are several problems doing this type of thing.
> > >
> > > Not all clients specify the same type of connection strings, which renders
> > > the machine column in V$SESSION inconsistent. To access the V$SESSION table
> > > requires DBA privs which may not be a good idea to grant for the owner of
> > > the trigger.
> > >
> > > Then there's the concept of using IP addresses - an ip address is very
> > > easily changed or spoofed. This can not be used to try and identify the
> > > machine who originated the change in data in Oracle. A better "address" is
> > > the physical MAC address of the network card. But even then, it is very easy
> > > to walk into the office, slap in a network card from home into the PC and
> > > then change Oracle data to your heart's content without the slightest fear
> > > of being traced.
> > >
> > > IMHO, logging ip addresses may seem like a good idea, but it is a waste of time
> > > and resources and seldom achieves anything. Especially if the plan is to use
> > > this for auditing and security purposes. It is really not difficult hitting
> > > a target machine with a DoS attack and then spoofing that machine's IP
> > > address. Even ordinary users in your organisation can do this by simply
> > > downloading the right "tools" from the web (speaking here from personal
> > > experiences).
> > >
> > > Remember, that Oracle provides extensive security. It's a good idea to use
> > > it. The operating system Oracle runs on (be it NT or Unix) also provides
> > > security. Use it. If network security is critical, then use a firewall to
> > > protect your servers. If you need a middle layer between the client and the
> > > server, then use 3 tier architecture and an application server that plays
> > > cop.
> > >
> > > Security is often an afterthought in database design and client-server
> > > implementations. And to be honest (without knowing the details of why you
> > > want to do this), recording ip addresses -sounds- to me a lot like a mere
> > > security afterthought.
> > >
> > > My crazed thoughts on the subject anyway... :-)
> > >
> > > regards,
> > > Billy
> > >
> > >
> > >
> >
> >
Received on Tue Apr 11 2000 - 00:00:00 CDT
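
The trigger asked about in the original question, built on the SYS_CONTEXT call from Mike Morgan's reply, as an added example that is not part of the original thread. All table, column and trigger names are hypothetical, and it assumes a release in which the listed USERENV attributes exist.

```sql
-- Hypothetical tables; every object name here is an assumption.
CREATE TABLE app_accounts (
  account_id NUMBER PRIMARY KEY,
  balance    NUMBER NOT NULL
);

CREATE TABLE app_accounts_audit (
  changed_at   DATE         NOT NULL,
  operation    VARCHAR2(1)  NOT NULL,  -- I, U or D
  account_id   NUMBER       NOT NULL,
  db_user      VARCHAR2(128),          -- authenticated database user
  os_user      VARCHAR2(256),          -- reported by the client, not verified
  client_host  VARCHAR2(256),          -- reported by the client, not verified
  client_ip    VARCHAR2(64),           -- NULL for local (non-TCP) sessions
  net_protocol VARCHAR2(32)            -- helps interpret a NULL client_ip
);

-- The trigger runs with its owner's privileges, so application users need
-- no grant on the audit table, and SYS_CONTEXT('USERENV', ...) needs no
-- access to V$SESSION.
CREATE OR REPLACE TRIGGER app_accounts_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON app_accounts
FOR EACH ROW
DECLARE
  v_op VARCHAR2(1);
BEGIN
  IF INSERTING THEN
    v_op := 'I';
  ELSIF UPDATING THEN
    v_op := 'U';
  ELSE
    v_op := 'D';
  END IF;

  INSERT INTO app_accounts_audit
    (changed_at, operation, account_id,
     db_user, os_user, client_host, client_ip, net_protocol)
  VALUES
    (SYSDATE, v_op, NVL(:NEW.account_id, :OLD.account_id),
     SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'HOST'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
     SYS_CONTEXT('USERENV', 'NETWORK_PROTOCOL'));
END;
/
```

Only `db_user` reflects an authenticated identity; the address and host columns are correlation hints, and behind an application server `client_ip` is the middle tier's address rather than the end user's.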