Re: Turn Audit to Monitor Logins

From: Tim Gorman <tim@xxxxxxxxx>
To: jkstill@xxxxxxxxx
Date: Fri, 05 Dec 2008 12:32:18 -0700

Yikes! Possibly a good time to revoke SELECT on the DBA_AUDIT_* views from roles like SELECT_CATALOG_ROLE, or perhaps just create and use new roles similar to SELECT_CATALOG_ROLE without privileges on the audit trail views?

Thanks Jared!

Jared Still wrote:

On Fri, Dec 5, 2008 at 9:27 AM, Nagaraj S <nagaraj.chk@xxxxxxxxx> wrote:

This audit is intended to find out who logins to the user repeatedly and unsuccessfully that caused the account to be locked in more than one occasions." Please help me on this

A recently discovered (in one of our databases) drawback to auditing logon sessions:

Have you every inadvertently typed your password in to the username field of a form?

Guess what shows up in dba_audit_session.username when that is done to an oracle
database with logon auditing enabled?

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

-- //www.freelists.org/webpage/oracle-l

References:
- Turn Audit to Monitor Logins
  - From: Nagaraj S
- Re: Turn Audit to Monitor Logins
  - From: Jared Still

Re: Turn Audit to Monitor Logins

Other related posts: