Select access on v_$ session
I have just said that a grant requested to select on v_$ session constitutes a security problem.but its quite systematic as if a must in the logical English packed only be instantiated by a caller at a time, the following is used:
-record the activity
DBMS_APPLICATION_INFO.set_module (module_name = > C_PROCEDURE_NAME, action_name = > null);
-make sure that this process is never instantiated by more than one caller at a time
Select count (1) in the session v_duplicate_process_cnt $ v
where module = C_PROCEDURE_NAME;
If (v_duplicate_process_cnt = 1) then
-do stuff
endif;
I'm unable to dig up concerns of specific safety with the help of this method or provide select access on v_$ session.
can someone indicate what are the problems of security on a select on v_$ session and, if necessary, another method to ensure that only packed logical is not instantiated by several appellants?
Thanks again.
Hello
Just some thoughts:
-You could get the address of the process of the column PADDR, let you know segments of memory at glance and looking for something interesting.
-You can know the OSUSER, the MACHINE and the PROGRAM of a live session, then you can try to list possible attack targets (for example, to steal their passwords).
-Find the best time to attack a database without starting any traced by a DBA (by looking at the column SECONDS_IN_WAIT).
I think that it would be difficult for an attacker to obtain the credentials of database that already have this privilege (perhaps they need to break a lot of front security door). but it is possible.
For your problem, I would implement a work manual scheduler:
dbms_scheduler.create_job
(job_name-online "MyTask",
job_type-online "procedure_stockee."
job_action-online 'will. "
number_of_arguments-online 2
);
When you call it:
dbms_scheduler.set_job_argument_value
(job_name-online "MyTask",
argument_position-online 1
argument_value-online v_value1
);
dbms_scheduler.set_job_argument_value
(job_name-online "MyTask",
argument_position-online 2
argument_value-online v_value2
);
dbms_scheduler.run_job ('MyTask');
If your task is already running, then you should get an ORA-27478.
It will be useful.
Kind regards!
Tags: Database
Similar Questions
-
Hi Experts,
What is the best way or best practices for access to the session defined in servelt pipeline component?
Please, share your ideas.
Thank you
ankV
As performance is concerned, a lot would depend on as to how your design & logic is implemented and you presented search operations to support the specific performance problems. In fact the operation itself can be not expensive than in-house it is somewhat like a search for key/value of the objects in session/application context name. But having said that, Yes, a potential performance problem could be because it's a synchronized operation. So to avoid searches to be performed during each request, caching the results of a search of a component. And in the majority of cases to solve a 'A' component within your component, you must configure a property reference 'A' in the file properties for your component.
-
The question comes down to my needs. Where are stored the "last Sessions"? I backed up my drive "C", My Documents, my pictures, etc., so I should be OK with bookmarks. But, I would also like to be able to access previous sessions.
The current session is stored in sessionstore.js file in the Firefox profile folder.
There are also backups in the folder sessionstore-backups that you can copy the sessionstore.js file make Firefox to use this file.You can use this button to go to the Firefox profile folder currently in use:
- Help > troubleshooting information > profile directory: see file (Linux: open the directory;) Mac: View in the Finder)
- http://KB.mozillazine.org/Profile_folder_-_Firefox
-
Cisco 881 - Access Gateway VPN session
Nice day
I configured my Cisco 881 and finally has surpassed "thecan't see my network" issue IPSec VPN.
I have a usecase where I need to access the gateway of the VPN Session.
When I connect to the VPN using Cisco VPN Client 4.8 x, I do not return a default gateway on the VPN map. When I try to ping my IP from the LAN (10.20.30.1) bridge that does not work and I cannot access it with other tools.
I'm sure it's an ACL question and it makes sense to hide the default gateway, but the big question is how to configure my router to see the gateway and access them from the VPN session?
Please see my attached cleaned configuration.
Network Info:
- Internet Internet service provider gateway: 192.168.68.1
- DNS: 192.168.2.1
- Address WAN Cisco 881 at: 192.168.68.222
- Address on Cisco 881 LAN: 10.20.30.1
- DHCP for LAN on Cisco 881: 10.20.30.10 - 10.20.30.50
- DHCP for IPSec VPN: 10.20.40.10 - 10.20.40.50
Thank you in advance for your help!
Kind regards
-JsD
Brand pls kindly this post as answered so that others facing the same issue can follow the workaround solution provided according to your final configuration.
Great update and explanation btw. Thank you for that.
-
The access admin VCS session timeouts
Hello
I have asked me if there are VCS performance problems if the admin access session has the value zero, or, for example 30 minutes.
I know that this seems to be a stupid question because he absolutely should not affect the performance of VCS, however can someone please confirm this? In addition, the number of connected users admin will have a detrimental effect on the VCS? Once again, I guess not as the default is not limited, but confirmation would be greatly appreciated.
Thank you very much
Howard
Hi Howard,.
As far as I know, the number of sessions of admin and admin session logout, does not affect the performance of VCS much. However, please keep in mind that it certainly affects the performance of VCS if the number of sessions admin VCS is superior > 5 as VCS responded to all the commands and requests by admin VCS sessions.
So, it is advisable to set the session timeout no matter what between 15-30 minutes, so VCS kicks on the sessions inactive admin and keep resources free VCS.
Hope that answers your questions. Feel free to rate this response accordingly.
Thank you
Saurabh
-
How to access the 'Active Sessions' using MBeans
Hi all
I sent a request to the EM (Enterprise Manager).
When I have connected on EM and click on the app, I see the number of active sessions under the heading "Servlets and JSP.
How can I access this setting at the application level. ??
(I want to access this setting * 'x' * my web application and display registered users: x )
EM shows that the number of active sessions. It updates too... so there must be some beans or recording for this setting...
How can I access who...?
Kind regards
Durieux.
-
to provide selective access by VPN.
If we have two (add1 and add2) Web servers hosted on the area of the DMZ. and we need to give access to only a more remote VPN client (add1) Web server we do. Because when we configure the remote VPN client using PDM. It will never ask for any particular ip address where this configuration will be applied. He asks only what client VPN interface interacts with.
the current pix configuration should be similar to the one below:
access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 120 allow ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
NAT (dmz) 0-access list 101
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 3des encryption
ISAKMP policy 10 md5 hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
ISAKMP identity address
ISAKMP nat-traversal 20
Crypto ipsec transform-set esp-3des esp-md5-hmac vpnset
IP local pool ippool 10.1.1.11 - 10.1.1.21
vpngroup address ippool vpnclient-pool
vpngroup idle 1800 vpnclient-time
vpngroup vpnclient-Server dns 139.130.4.4
vpngroup vpnclient password cisco456
vpngroup split tunnel 120 vpnclient
Crypto-map dynamic dynmap 10 transform-set vpnset
map remote_vpn 20-isakmp ipsec crypto dynamic dynmap
Cisco username password cisco123
AAA-server local LOCAL Protocol
client authentication card crypto remote_vpn LOCAL
client configuration address card crypto remote_vpn throw
client configuration address card crypto remote_vpn answer
If so, then you just need to change 120, i.e. the split tunneling acl acl:
Of
access-list 120 allow ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
TO
access-list 120 allow host ip 192.168.1.100 10.1.1.0 255.255.255.0
by changing the acl 120 as shown above, the user remote vpn will accommodate 192.168.1.100 only (all the port/protocol).
Alternatively, you can restrict access to the level of protocol/port. It requires disabling the command 'sysopt connection permit-ipsec' and then create an inbound acl. I would like to know if it is the most preferred and I'll give you an example configuration.
Another point should be noticed is that even if the remote user can only access a server in the DMZ, however, you must also restrict access directly on the server. as the vpn remote user may be able to access other private server resources.
-
synonyms or grant select access
Hi I have a database with 2 user_login
(1) connect owner
(2) user login
(3) all the tables created in the database will be the owner (owner login username)
(4) user will be able to insert, delete, update, run the objects of the owner
Now my question is... I created all the tables through owner LOGIN
How can ensure me that the point n ° 4 is convinced...?
My said dba to create synonyms etc that I didn't... he can directly give ins, upd, privileges select exec, to these objects for the user right?
why it asking me to create synonyms... and whr can be establish synonyms?Well, it will be both pretty much but that does not mean that you must type out... Try this while connected as user has (and this assumes that you want to give everything for each table to user B)... just under your username for A and b. after that, you will need to create synonyms for each object of user B... which you could create A user script to run to b like this:
Synonyms:
Select ' create synonym ' | table_name |' a.'. table_name | ';' from user_tables;
then take the script put on hold as the above producted and sign as b and run it to create synonyms
Grants:
FOR x IN (SELECT * from user_tables)
LOOP
EXECUTION IMMEDIATE "GRANT ALL WE HAD." | x.table_name | 'TO B ';
END LOOP; -
v$ session table 4.1 APEX access
Hi all
First time display and just beginning to learn about Oracle so please forgive me if I ask a stupid question. I received an assignment College to develop a tool which is able to analyse the Oracle DBMS. My teacher made us in the direction of the table V$ SESSION as being the main source of information needed to do this. We use Oracle 10 g Express as the workplace. Under the project, we were asked to design the tool so that we can learn the two session past and present and represent some of the information in the graphs.
In the search for a way to do this that I came across Oracle Application Express and it seemed to be a package that I might be able to use to do this. I built a virtual machine and initially installed Oracle 10 g Express. As the SYSTEM user, I then installed a copy of Oracle Application Express 4.1. Then I created a workspace called PROJECT and as s/n, I installed the example HR schema so I have a working group of data for General queries.
My intention was to develop an application that can run a script that removed all the info from the table V$ SESSION in a few new tables that I had put in place in the schema. I could store this information in the tables for a historical view of previous sessions. So my application would be able to reference the tables and create charts from data. I still have to learn about the APEX, but my main hypothesis is that if I can get information in a table, I can do a lot with it.
I got the HR schema installed on a copy of the Oracle 10 g Express before and could access the V$ SESSION table but now I can't go to her APEX. I am aware that APEX has some reporting tools, but I can't use these as the project is to develop the tool myself... However, I can imitate what they do.
So my question is how can I access the table V$ SESSION of my database because it is not visible in the working SYSTEM or PROJECT space that I have through the object browser.
I appreciate all help.
Thank you.Glenn,
+ > Extremely frustrated by APEX begins to see why MYSQL is becoming an alternative to the company! +
Well, I think it's quite a hasty conclusion to reach, especially for someone who is autonomous while brand new to Oracle, don't you think?
I've created many applications which queries all the views SYS owned very well. Here's what you do:
(1) I assume you have a workspace with a database schema associated with, right? Suppose that in this scenario, it is named GLENN, OK?
2) connect as SYS (via SQL * Plus or another tool) to your database and the question: GRANT SELECT ON SYS. V_$ SESSION TO GLENN
(3) you should now be able to go in your workspace APEX (the one mapped to GLENN) and issue SQL commands: SELECT * FROM V$ SESSION. You can also create a report in an APEX on SYS application. V$ SESSION.That's all there is to it. Hope this helps.
Good luck.
Joel
-
Can't access v$ session
Hello
I've migrated database from oracle 9i to oracle 11g (depending on the method of import/export). The Pb is that 25 GB.
Now, few users are unable to access the v$ session. When we try to access the v$ session through some users, we get the error below
However, the query works fine in Oracle 9i database.SQL> SELECT SID,SERIAL#,USERNAME,OSUSER,TO_CHAR(LOGON_TIME,'MM/DD/YYYY HH:MI AM') FROM V$SESSION WHERE CLIENT_INFO='MIS0883001MEMOIP' AND STATUS!='KILLED' ORDER BY USERNAME; SELECT SID,SERIAL#,USERNAME,OSUSER,TO_CHAR(LOGON_TIME,'MM/DD/YYYY HH:MI AM') FROM V$SESSION WHERE CLIENT_INFO='MIS0883001MEMOIP' AND STATUS!='KILLED' ORDER BY USERNAME * ERROR at line 1: ORA-00942: table or view does not exist
I checked all the privileges, and it seems to be the same, as was the case in Oracle 9i.
Are there limitations in Oracle 11 g that normal users cannot access table v$ session?
Thank you!SELECT GRANTEE, 'ROL' TYPE, GRANTED_ROLE PV FROM DBA_ROLE_PRIVS WHERE GRANTEE = '&usercheck' UNION SELECT GRANTEE, 'PRV' TYPE, PRIVILEGE PV FROM DBA_SYS_PRIVS WHERE GRANTEE = '&usercheck' UNION SELECT GRANTEE, 'OBJ' TYPE, MAX(DECODE(PRIVILEGE, 'WRITE', 'WRITE,')) || MAX(DECODE(PRIVILEGE, 'READ', 'READ')) || MAX(DECODE(PRIVILEGE, 'EXECUTE', 'EXECUTE')) || MAX(DECODE(PRIVILEGE, 'SELECT', 'SELECT')) || MAX(DECODE(PRIVILEGE, 'DELETE', ',DELETE')) || MAX(DECODE(PRIVILEGE, 'UPDATE', ',UPDATE')) || MAX(DECODE(PRIVILEGE, 'INSERT', ',INSERT')) || ' ON ' || OBJECT_TYPE || ' "' || A.OWNER || '.' || TABLE_NAME || '"' PV FROM DBA_TAB_PRIVS A, DBA_OBJECTS B WHERE A.OWNER = B.OWNER AND A.TABLE_NAME = B.OBJECT_NAME AND A.GRANTEE = '&usercheck' GROUP BY A.OWNER, TABLE_NAME, OBJECT_TYPE, GRANTEE UNION SELECT USERNAME GRANTEE, '---' TYPE, 'empty user ---' PV FROM DBA_USERS WHERE NOT USERNAME IN (SELECT DISTINCT GRANTEE FROM DBA_ROLE_PRIVS) AND NOT USERNAME IN (SELECT DISTINCT GRANTEE FROM DBA_SYS_PRIVS) AND NOT USERNAME IN (SELECT DISTINCT GRANTEE FROM DBA_TAB_PRIVS) AND USERNAME LIKE '%&usercheck%' GROUP BY USERNAME ORDER BY GRANTEE, TYPE, PV;
-
Access grant select on all tables in a diagram to another diagram
Hi all
I can grant select access on the tables of a schema (SAY USER1) to another (SAY USER2) by giving him a role and in turn grant this role to another scheme as below:
FOR x IN (SELECT * from user_tables)
LOOP
RUN IMMEDIATELY "SELECT WE GRANT | x.table_name | "To < < role1 > > ';
END LOOP;
Role1 Grant User2;
but my question is that suppose I create another table say "TEMP_TAB" in the scheme of USER1 after the execution of the block above user2 will be able to access the table TEMP_TAB. My guess is certainly not. If I'm wrong, I want a way to grant select on a table in the schema of user1 immediately as and when it is created to User2.
Please suggest a solution.
Thank you and best regards,
Vipin Kumar Rai993280 wrote:
Knani,but in this case the User2 can choose any table in any schema. I want only USER2 for the right to select for only User1 tables.
Thank you
VipinOh sorry. Misinterpreted your post. What you did is the right way to do it. You must add the select role privilege whenever you create a new table. There is no "SELECT the TABLE all THE" specific to a type of data user privilege.
-
display only user information sessions
Hello
I am looking for a solution to grant limited access to v$ session, so the specified database user can list only sessions held by himself.
something like a public version of:
Select * from session $ v
where username = user;
I can do this with v_$ session for the specified user. But there is not much sense in it since v_$ session shows all sessions.
So is it better?
Thank you
SYS, grant select on v_$ session directly to a user with grant option option. (Someone who is a DBA is still a good choice)
As this privileged user create a view by using the same query, you have above. (USER_SESSION is a logical name)
create a public synonym for your point of view USER_SESSION.
Grant select on USER_SESSION to specific users, or the PUBLIC.
In this way, v$ session is not available to the average user, but is USER_SESSION and works the way you want.
-
Spend the session login information
Hello
I use Jdev 11.1.1.7.0_GENERIC_130226.1400.6493.
We create an ADF Application with custom login page (.html). Click to submit a JS function is called, which makes j_security_check synchronous AJAX call with name of user and password and lands at the homepage (.jspx) app after authentication.
The requirement now is to add a local select choice field in the Login Page whose value can be captured in session and used after the connection is successful.
Any ideas on how this can be implemented. I tried to use filters, but, how to chose local I don't get any ideas.
Thanks in advance
-Neha...
Hello
you do not have access to the session of JS and HTML. I had put a cookie to the client, you can do from JavaScript. When the request is then redirected to the JSPX page, you look at the cookie and set the regional settings accordingly. If you set the cookie expires when the browser is closed and there is no State stood on the browser remains
Frank
-
Why in 11 GR 2, I can not audit by session
Version: the database 11.2.0.1
SQL > see the parameter checking
AUDIT_TRAIL channel DB_EXTENDED Select * from dba_obj_audit_opts;
1 HR EMPLOYEES TABLE -/- -/- -/- S/S -/- -/- -/- -/- -/- -/- S/S -/- -/- -/- -/- -/- -/-
Select * from dba_priv_audit_opts;
1 CREATE A TASK EXTERNALLY BY ACCESS BY ACCESS 2 CREATE ANY WORK BY ACCESS BY ACCESS 3 GRANT A PRIVILEGE OBJECT PER ACCESS BY ACCESS 4 ACCESS EXEMPTED BY ACCESS BY ACCESS POLICY 5 CREATE ANY LIBRARY BY ACCESS BY ACCESS 6 GRANT ANY IMMUNITY RECOGNIZED BY ACCESS BY ACCESS 7 DROP BY ACCESS BY ACCESS PROFILE 8 ALTER BY ACCESS BY ACCESS PROFILE 9 DROP ANY PROCEDURE BY ACCESS BY ACCESS 10 CHANGE ANY PROCEDURE BY ACCESS BY ACCESS 11 CREATE A PROCEDURE BY ACCESS BY ACCESS 12 ALTER DATABASE BY ACCESS BY ACCESS 13 GRANT ANY ROLE BY ACCESS BY ACCESS 14 CREATE THE LINK FROM PUBLIC ACCESS BY ACCESS DATABASE 15 H SELECT ANY TABLE IN SESSION NO GAME 16 DROP USER ACCESS BY ACCESS 17 ALTER USER ACCESS BY ACCESS Select * from dba_stmt_audit_opts;
1 CHANGE THE ACCESS BY ACCESS SYSTEM 2 CREATE SESSION BY ACCESS BY ACCESS 3 HR NO BATCH OF TABLES BY ACCESS 4 CREATE USER BY ACCESS BY ACCESS 5 ALTER USER ACCESS BY ACCESS 6 DROP USER ACCESS BY ACCESS 7 SYNONYM PUBLIC BY ACCESS BY ACCESS 8 LINK TO ACCESS BY ACCESS DATABASE 9 ROLE BY ACCESS BY ACCESS 10 PROFILE BY ACCESS BY ACCESS 11 HR SELECT ANY TABLE IN SESSION NO GAME 12 HR ALTER TABLE BY ACCESS UNDEFINED 13 CREATE THE LINK FROM PUBLIC ACCESS BY ACCESS DATABASE 14 GRANT ANY ROLE BY ACCESS BY ACCESS 15 GRANT OF ACCESS BY ACCESS SYSTEM 16 ALTER DATABASE BY ACCESS BY ACCESS 17 CREATE A PROCEDURE BY ACCESS BY ACCESS THE QUESTION IS, in all these verification option, I GOT AUDIT TRAIL for access, no session, IE. When I do something be checked, each access obtained an audit NOT by session trail, WHY, IT CONFUSED ME a lost!
OK, I know it very well:
http://docs.Oracle.com/CD/E11882_01/network.112/e16543/whatsnew.htm#CJAGCGGE:
Change to AUDIT BY SESSION
The SESSION clause of the present AUDIT report writes an audit record for each audited event. In previous versions, has written a record audit for all SQL statements or operations of the same type that were performed on the same schema objects in the same session of the user SESSION. Now, by SESSION and BY ACCESS write an audit for each audit record. In addition, there are records of separate audit for OPENING and closing of SESSION events. If you omit the clause BY the ACCESS, then BY SESSION is used by default.
Generating SESSION audit record is different from the audit OF ACCESS record. Oracle recommends to include the clause BY ACCESS for all directions of AUDIT, which translates into a more detailed audit record. In the case of logging events, the timestamp of the audit record has a greater precision than in previous versions.
Note that this change applies to schema, statement options object audit options and system privileges that audit SQL statements other than data definition language (DDL) statements. Oracle database always checked using the clause BY ACCESS on all statements SQL and access privileges that check a DDL statement.
-
Can someone tell me if the below is available in OSB 11 g. Or if it has been removed from the BSO?
'Location of access control policies.
The Security page provides a link to the control strategies for a proxy service to access in the current ALSB domain.
This page list does not list the proxy services that you have created in the session, but have not yet activated. If you want to change control strategies for a new proxy service to access, first activate the session in which you created the proxy service.
If you want to find the control strategies for a new proxy service to access, activate the session in which you created the proxy service.
In the access control column select the name of the proxy to access control of Transport service, or the name of the proxy service or a special control of Message operation. »The section 'access control strategies 45.5' link - below
http://download.Oracle.com/docs/HTML/E15866_01/model.htm
Kind regards
Anuj
Maybe you are looking for
-
an iPhone 5s cable charger can be used on an iPhone 4S
I used a my iPhone 4S cable charger on someone of another iPhone 5s. Now my charger cable does not work. It's probably too bad? Stores are closed tomorrow because it's a day holiday here and my phone is low in the battery. IPhone 5 s charger cable
-
Error message - Wizard upgrade Win8 - Portege Z830 - 10 H
I use Portege Z830 - 10 H, Win8 64 bit, which I switched to Win7 64 bit.Yesterday I installed the [Toshiba Upgrade Assistant 3.0 | http://eu.computers.toshiba-europe.com/innovation/download_driver_details.jsp?service=EU&selCategory = 2 & selFamily =
-
Change the language of the LabView controls?
I just need confirmation. If LabView controls, as a graph, have a context menu, then this menu will be first in the language of the LabView IDE, it is used with. If I create a new application, then the manufacturer includes the LabView RTE. It will a
-
HelloI get an error:reports "parameter not valid value in field - runtime error 20553" in vb6 using parameter with Crystal fields. It occurs with a parameter set to the date format. I can't get the report is displayed. The line I use to set the pa
-
Enabling audio in a Windows server 2008 R2 host
I need to activate the audio in Windows Server 2008 R2 guest VM hosted by a 5.0 ESXi host in a vSphere 5.0 environment.The guest VM should be accessible via Remote Desktop.Windows 7 guest VM in the same host have audio enabled and works very well, so