Oracle: Restricting malicious operations by certain IPs and users on important tables
2015-11-10 12:16:39

1. Problem description


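2. Writing the trigger
Enabling global SQL auditing costs too much performance and is not a good fit, so the only option seemed to be placing restrictions on certain important tables, which solves the problem as a first step.

1) Verify the IP: sys_context('userenv','ip_address') not in ('192.168.120.211')

2) Verify the user name: select s.USERNAME into v_username from v$session s where s.audsid=(select userenv('SESSIONID') from dual) and rownum<2

3) The sample code (a trigger) is as follows: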


create or replace trigger pri_stu_test_limit
  before update or delete or insert on stu.zzz_test
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
  v_username varchar2(200) default '';
BEGIN
  -- Look up the database user name of the current session
  select s.USERNAME into v_username from v$session s
   where s.audsid = (select userenv('SESSIONID') from dual) and rownum < 2;

  -- Reject the statement if the client IP is not in the allowed list
  -- or the session user name matches 'stuuser'
  IF deleting
     AND (sys_context('userenv','ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not delete the table ');
  ELSIF inserting
     AND (sys_context('userenv','ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not insert the table ');
  ELSIF updating
     AND (sys_context('userenv','ip_address') not in ('192.168.120.211') OR 'stuuser' like v_username)
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'can not update the table ');
  END IF;
END;


3. Verification:
SQL>
SQL> insert into stu.zzz_test values(3,'zhuren33');
insert into stu.zzz_test values(3,'zhuren33')
ORA-20001: can not insert the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 18
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL>
SQL> update stu.zzz_test set remark='zhuren33_up' where id=3;
update stu.zzz_test set remark='zhuren33_up' where id=3
ORA-20001: can not update the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 22
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete

SQL>
SQL> delete from stu.zzz_test where id=3;
delete from stu.zzz_test where id=3
ORA-20001: can not delete the table
ORA-06512: at "stuuser.PRI_STU_ACCT_LIMIT", line 14
ORA-04088: error during execution of trigger 'stuuser.PRI_STU_ACCT_LIMIT'
SQL> commit;
Commit complete
SQL>


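OK, inserts, deletes and updates can all be blocked now, which should solve the problem for the time being; there are still many follow-up issues that will need to be addressed together.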
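A variant of the trigger from section 2, as an added example that is not part of the original article: it reads the user from SYS_CONTEXT('USERENV','SESSION_USER') instead of v$session, treats a NULL IP_ADDRESS (which Oracle returns for local, non-network connections) as not allowed, and records each blocked statement. The table zzz_test_denied and the procedure log_denied_dml are hypothetical names, assumed to be created in the trigger owner's schema.

```sql
-- Added example. zzz_test_denied and log_denied_dml are hypothetical objects,
-- assumed to live in the same schema as the trigger.
CREATE TABLE zzz_test_denied (
  denied_at  TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user    VARCHAR2(128),
  ip_address VARCHAR2(64),
  action     VARCHAR2(10)
);

-- The autonomous transaction belongs in the logger: its row is committed
-- even though RAISE_APPLICATION_ERROR rolls back the blocked statement.
CREATE OR REPLACE PROCEDURE log_denied_dml (
  p_user IN VARCHAR2, p_ip IN VARCHAR2, p_action IN VARCHAR2
) IS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO zzz_test_denied (db_user, ip_address, action)
  VALUES (p_user, p_ip, p_action);
  COMMIT;
END;
/

-- Replaces the trigger of the same name from the article.
CREATE OR REPLACE TRIGGER pri_stu_test_limit
  BEFORE INSERT OR UPDATE OR DELETE ON stu.zzz_test
DECLARE
  -- SESSION_USER is read from the session context; no grant on v$session needed.
  v_user   VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  -- IP_ADDRESS is NULL for local connections. NULL NOT IN (...) is NULL, which
  -- an IF treats as false, so map NULL to a marker to make the check fail closed.
  v_ip     VARCHAR2(64)  := NVL(SYS_CONTEXT('USERENV', 'IP_ADDRESS'), 'LOCAL');
  v_action VARCHAR2(10);
BEGIN
  v_action := CASE WHEN INSERTING THEN 'insert'
                   WHEN UPDATING  THEN 'update'
                   ELSE 'delete' END;
  -- Mirrors the article's rule (assumed intent): block IPs outside the list,
  -- or the user stuuser.
  IF v_ip NOT IN ('192.168.120.211') OR UPPER(v_user) = 'STUUSER' THEN
    log_denied_dml(v_user, v_ip, v_action);
    RAISE_APPLICATION_ERROR(-20001, 'can not ' || v_action || ' the table');
  END IF;
END;
/
```

Querying zzz_test_denied after a blocked statement shows who attempted it and from which address, which the original trigger does not retain.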

