Oracle 10g初始化参数AUDIT_TRAIL变化(二)
2013-06-21 09:46
253 查看
在9i中,初始化参数AUDIT_TRAIL只有NONE、DB和OS三个可选值,而在10g中,Oracle又增加了几个新的选项。
这篇介绍EXTEND选项。
当前数据库的设置为:
SQL> show parameter audit_trail
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string XML
检查一下这种情况下对SQL语句和绑定变量的支持:
SQL> var v_id number
SQL> exec :v_id := 1
PL/SQL procedure successfully completed.
SQL> audit select on t_audit;
Audit succeeded.
SQL> select * from t_audit where id = :v_id;
no rows selected
查询V$XML_AUDIT_TRAIL视图:
SQL> select db_user, object_name, sql_text, sql_bind
2 from v$xml_audit_trail;
DB_USER OBJECT_NAME SQL_TEXT SQL_BIND
-------- ------------ -------------------------------------------------- ----------
/ CONNECT
/ CONNECT
/ CONNECT
TEST T_AUDIT
TEST T_AUDIT
对于新执行的SELECT语句,看不到SQL语句和绑定变量,下面设置AUDIT_TRAIL参数为XML, EXTENDED:
SQL> conn / as sysdba
Connected.
SQL> alter system set audit_trail = xml, extended scope = spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 2147483648 bytes
Fixed Size 2074112 bytes
Variable Size 486541824 bytes
Database Buffers 1644167168 bytes
Redo Buffers 14700544 bytes
Database mounted.
Database opened.
下面执行同样的查询语句:
SQL> conn test/test
Connected.
SQL> select * from t_audit where id = :v_id;
no rows selected
SQL> select db_user, object_name, sql_text, sql_bind
2 from v$xml_audit_trail;
DB_USER OBJECT_NAME SQL_TEXT SQL_BIND
-------- ------------ -------------------------------------------------- ----------
/ CONNECT
/ CONNECT
/ CONNECT
/ SHUTDOWN
/ CONNECT
TEST T_AUDIT
TEST T_AUDIT
TEST T_AUDIT select * from t_audit where id = :v_id #1(1):1
8 rows selected.
可以看到,设置了AUDIT_TRAIL为XML, EXTENDED参数后,数据库不仅记录下复合AUDIT条件的SQL语句,设置还会记录SQL语句中使用的绑定变量。
不过需要注意的是,这种审计同时也存在暴露敏感SQL语句以及敏感数据的潜在危险,同时记录SQL语句和绑定变量势必增加额外的开销,因此这个选项应该只在需要的时候打开。
oracle视频教程请关注:http://u.youku.com/user_video/id_UMzAzMjkxMjE2.html
这篇介绍EXTEND选项。
当前数据库的设置为:
SQL> show parameter audit_trail
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string XML
检查一下这种情况下对SQL语句和绑定变量的支持:
SQL> var v_id number
SQL> exec :v_id := 1
PL/SQL procedure successfully completed.
SQL> audit select on t_audit;
Audit succeeded.
SQL> select * from t_audit where id = :v_id;
no rows selected
查询V$XML_AUDIT_TRAIL视图:
SQL> select db_user, object_name, sql_text, sql_bind
2 from v$xml_audit_trail;
DB_USER OBJECT_NAME SQL_TEXT SQL_BIND
-------- ------------ -------------------------------------------------- ----------
/ CONNECT
/ CONNECT
/ CONNECT
TEST T_AUDIT
TEST T_AUDIT
对于新执行的SELECT语句,看不到SQL语句和绑定变量,下面设置AUDIT_TRAIL参数为XML, EXTENDED:
SQL> conn / as sysdba
Connected.
SQL> alter system set audit_trail = xml, extended scope = spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 2147483648 bytes
Fixed Size 2074112 bytes
Variable Size 486541824 bytes
Database Buffers 1644167168 bytes
Redo Buffers 14700544 bytes
Database mounted.
Database opened.
下面执行同样的查询语句:
SQL> conn test/test
Connected.
SQL> select * from t_audit where id = :v_id;
no rows selected
SQL> select db_user, object_name, sql_text, sql_bind
2 from v$xml_audit_trail;
DB_USER OBJECT_NAME SQL_TEXT SQL_BIND
-------- ------------ -------------------------------------------------- ----------
/ CONNECT
/ CONNECT
/ CONNECT
/ SHUTDOWN
/ CONNECT
TEST T_AUDIT
TEST T_AUDIT
TEST T_AUDIT select * from t_audit where id = :v_id #1(1):1
8 rows selected.
可以看到,设置了AUDIT_TRAIL为XML, EXTENDED参数后,数据库不仅记录下复合AUDIT条件的SQL语句,设置还会记录SQL语句中使用的绑定变量。
不过需要注意的是,这种审计同时也存在暴露敏感SQL语句以及敏感数据的潜在危险,同时记录SQL语句和绑定变量势必增加额外的开销,因此这个选项应该只在需要的时候打开。
oracle视频教程请关注:http://u.youku.com/user_video/id_UMzAzMjkxMjE2.html
相关文章推荐
- Oracle 10g初始化参数AUDIT_TRAIL变化(一)
- ORACLE 初始化参数:AUDIT_TRAIL
- 【请教】Oracle中审计参数audit_trail的讨论
- oracle的初始化参数文件(第四次上机)
- Oracle初始化参数含义
- Oracle 好书 04 ( 初始化参数与实例 )
- oracle初始化参数
- Oracle参数设置(10g)
- oracle 10g中db_recovery_file_dest和log_archive_dest参数的关系
- oracle中的初始化参数文件
- oracle初始化参数设置
- Oracle初始化参数的来源
- Oracle初始化参数文件
- Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作
- oracle 10g的隐含参数_complex_view_merging引发的性能问题
- oracle初始化参数设置
- ORACLE初始化参数文件概述
- oracle官方文档_查看初始化参数(举例)
- Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作
- 解决IP地址变化后Oracle 10g如何不受影响