Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Auditing using DB EXTENDED

DB EXTENDED adds two extra columns to the SYS.AUD$ table which includes sqltext and sqlbind:

SQLBIND CLOB
SQLTEXT CLOB
SQLTEXT is the actual text that the user typed in. This could be very useful to trace back unauthorised access. One problem is that because the audit is from the database then an attacker could easily delete select rows in SYS.AUD$.

An interesting fact is that the auditing inserts into SYS.AUD$ are also recorded in the redo logs which are of course OS based. This gives a second place to read the audit if the DB audit was deleted. The full text of the attackers SQL is also recorded to the redo logs as can be seen in the screenshot.Auditing using DB EXTENDED

Leave a Reply

You must be logged in to post a comment.