Wolfgang, true, but remember, the logon trigger will fire after you login and before you get your prompt back to issue the exec dbms_application_info command. Laura, if you are that worried, revoke dbms_application_info from public and grant it at the end of the trigger. Spoofing will require user to execute some code, which obviously cannot be done until login process is complete. Am I missing anything? rjamya On 4/12/07, Wolfgang Breitling <breitliw@xxxxxxxxxxxxx> wrote:
At 09:05 AM 4/12/2007, laura pena wrote: >Just to provide feedback here, I actually got this implemented using >the 10g feature creating application roles via schema packages. >Thanks for the link below Sriram. > >The user is configured to execute a schema package created as the >system user with AUTHID CURRENT_USER. > >The schema package uses sys_context to check the users environment >module name to determine which application is running. If it's the >"approved" module, permission to update,delete, insert into this >schema are granted via dbms_session.set_role to the logged in user. > >The application itself needed to modified to call this stored >procedure on login (it does more checks as well). All users allowed >to user this application configured to use this stored procedure. > >Works great. Except now I have a security question? > >Can a user spoof the sys_context environment module name ? >So say the user wants to have super privs within toad? Can he/she >change the module toad.exe to the module name of the application. >So they may have super privs to the applications tables now? I am getting out on a limb here to say "most likely yes". How difficult it is depends to some degree on how your sys_context determines "the users environment module name". If it's just from the program name that would be very easy to fake. By just creating a copy of sqlplus as toad I get the following: 11:59:02 ora92.scott> exec print_table('select * from v$session where sid=9' SADDR : 30A6BB08 SID : 9 SERIAL# : 3594 AUDSID : 5325 PADDR : 30A41044 USER# : 40 USERNAME : SCOTT COMMAND : 0 OWNERID : 2147483644 TADDR : LOCKWAIT : STATUS : ACTIVE SERVER : DEDICATED SCHEMA# : 40 SCHEMANAME : SCOTT OSUSER : FERRARI\Wolfgang PROCESS : 8036:7572 MACHINE : CENTREX\FERRARI TERMINAL : FERRARI PROGRAM : toad.exe TYPE : USER SQL_ADDRESS : 320733AC SQL_HASH_VALUE : 2876145831 PREV_SQL_ADDR : 320733AC PREV_HASH_VALUE : 2876145831 MODULE : SQL*Plus MODULE_HASH : 3669949024 ACTION : 2007-04-12 11:55:54 ACTION_HASH : 1061060199 CLIENT_INFO : FIXED_TABLE_SEQUENCE : 66 ROW_WAIT_OBJ# : 30146 ROW_WAIT_FILE# : 7 ROW_WAIT_BLOCK# : 0 ROW_WAIT_ROW# : 0 LOGON_TIME : 2007-04-12 11:55:52 LAST_CALL_ET : 0 PDML_ENABLED : NO FAILOVER_TYPE : NONE FAILOVER_METHOD : NONE FAILED_OVER : NO RESOURCE_CONSUMER_GROUP : DEFAULT_CONSUMER_GROUP PDML_STATUS : DISABLED PDDL_STATUS : ENABLED PQ_STATUS : ENABLED CURRENT_QUEUE_DURATION : 0 CLIENT_IDENTIFIER : ----------------- The program name is now toad.exe, but the module is still sql*plus because sqlplus sets it via a call to dbms_application_info.set_module. In order to change that I need to intercept that and change the value to something else. Not at all impossible to do. Just depends on the determination and knowledge of the developer. Regards Wolfgang Breitling Centrex Consulting Corporation www.centrexcc.com ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ -- //www.freelists.org/webpage/oracle-l
-- ----- Best regards RJamya -------------------------------------------