Re: Auditing and WebLogic applications.
- From: Job Miller <jobmiller@xxxxxxxxx>
- To: ORACLE-L <oracle-l@xxxxxxxxxxxxx>, norman.dunbar@xxxxxxxxxxxxxxxxxxxxxxxxx
- Date: Tue, 16 Feb 2010 12:27:04 -0800 (PST)
require the applications to set client_id.
WebLogic can actually do this for you automatically, or your code that gets the
connection from the pool can do it:
http://download.oracle.com/docs/cd/E15523_01/apirefs.1111/e13952/taskhelp/jdbc/jdbc_datasources/EnableCredentialMapping.html
If Set Client ID On Connection is selected on a data source, when an
application requests a database connection from the data source, WebLogic
Server determines the current WebLogic Server user ID and then sets the mapped
database ID as a light-weight client ID on the database connection.
If not, than:
have the application do:
DBMS_SESSION.SET_IDENTIFIER(v_user_identifier);
and than Audit records and policies can audit/show who the "real" user is:
--- On Tue, 2/16/10, Dunbar, Norman <norman.dunbar@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote:
> From: Dunbar, Norman <norman.dunbar@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Subject: Auditing and WebLogic applications.
> To: "ORACLE-L" <oracle-l@xxxxxxxxxxxxx>
> Date: Tuesday, February 16, 2010, 9:44 AM
> I'm wondering how you all manage your
> WebLogic applications from an
> Oracle auditing point of view.
>
> The system in question connects using a connection pool to
> a specific
> user in the database. The users connect to the system as
> themselves
> (they have a row in a "users" table) as far as the
> application is
> concerned, but as far as auditing is concerned, the changes
> to data are
> being made by the user that weblogic is connected to.
>
> This isn't very suitable as far as auditing is concerned.
> Unless the
> applications does lots of auditing internally, is there a
> way to
> determine who did what and when - when running applications
> under
> WebLogic?
>
> Thanks.
> Norm.
>
>
>
> Information in this message may be confidential and may be
> legally privileged. If you have received this message by
> mistake, please notify the sender immediately, delete it and
> do not copy it to anyone else. We have
> checked this email and its attachments for viruses. But you
> should still check any attachment before opening it. We may
> have to make this message and any reply to it public if
> asked to under the Freedom of Information Act, Data
> Protection Act or for litigation. Email messages and
> attachments sent to or from any Environment Agency address
> may also be accessed by someone other than the sender or
> recipient, for business purposes. If we have sent you
> information and you wish to use it please read our terms and
> conditions which you can get by calling us on 08708 506
> 506. Find out more about the Environment Agency at
> www.environment-agency.gov.uk
>
> Information in this message may be confidential and may be
> legally privileged. If you have received this message by
> mistake, please notify the sender immediately, delete it and
> do not copy it to anyone else.
>
> We have checked this email and its attachments for viruses.
> But you should still check any attachment before opening
> it.
> We may have to make this message and any reply to it public
> if asked to under the Freedom of Information Act, Data
> Protection Act or for litigation. Email messages and
> attachments sent to or from any Environment Agency address
> may also be accessed by someone other than the sender or
> recipient, for business purposes.
>
> If we have sent you information and you wish to use it
> please read our terms and conditions which you can get by
> calling us on 08708 506 506. Find out more about the
> Environment Agency at www.environment-agency.gov.uk
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
