
Protecting the Audit Trail - Oracle

In this conclusion to a ten-part article series on securing Oracle Database XE, you will learn about statement auditing, privilege auditing, and more. This article is excerpted from chapter 31 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

By: Apress Publishing
February 10, 2011


The audit trail itself needs to be protected, especially if nonsystem users must access the table SYS.AUD$. The built-in role DELETE_ANY_CATALOG is one of the ways that non-SYS users can have access to the audit trail (e.g., to archive and truncate the audit trail to ensure that it does not impact the space requirements for other objects in the SYS tablespace).

To set up auditing on the audit trail itself, connect as SYSDBA and run the following command:

SQL> audit all on sys.aud$ by access;
Audit succeeded.

Now all actions against the table SYS.AUD$, including SELECT, INSERT, UPDATE, and DELETE, will be recorded in SYS.AUD$ itself. But, you may ask, what if someone deletes the audit records identifying access to the table SYS.AUD$? The rows in the table are deleted, but then another row is inserted, recording the deletion of the rows. Therefore, there will always be some evidence of activity, intentional or accidental, against the SYS.AUD$ table. In addition, if AUDIT_SYS_OPERATIONS is set to TRUE, any sessions using AS SYSDBA or AS SYSOPER, or connecting as SYS itself will be logged into the operating system audit location, which presumably even the Oracle DBAs would not have access to. As a result, you have many safeguards in place to ensure that you record all privileged activity in the database, along with any attempts to hide this activity.
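The following queries are an added example, not part of the book excerpt. They verify the safeguards described above and review recorded activity against the audit trail. They assume you are connected as SYSDBA and that AUDIT_TRAIL is set so that records are written to SYS.AUD$.

```sql
-- 1. Confirm the object audit options set by AUDIT ALL ON SYS.AUD$ BY ACCESS.
--    Each column reads success/failure: 'A/A' means BY ACCESS for both,
--    'S' means BY SESSION, '-' means the action is not audited.
SELECT owner, object_name, sel, ins, upd, del
FROM   dba_obj_audit_opts
WHERE  owner = 'SYS'
AND    object_name = 'AUD$';

-- 2. Confirm where audit records are written and whether SYSDBA/SYSOPER
--    sessions are logged to the operating system audit location.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('audit_trail', 'audit_sys_operations', 'audit_file_dest');

-- 3. List every grantee (user or role) holding object privileges on the
--    audit trail table, to see which non-SYS accounts can read or purge it.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'AUD$'
ORDER  BY grantee, privilege;

-- 4. Review changes made to the audit trail itself. A DELETE here is the
--    row that was inserted to record the removal of other audit rows.
SELECT username,
       os_username,
       userhost,
       action_name,
       returncode,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS logged_at
FROM   dba_audit_trail
WHERE  owner = 'SYS'
AND    obj_name = 'AUD$'
AND    action_name IN ('DELETE', 'UPDATE')
ORDER  BY timestamp DESC;
```

Compare the DELETE rows from the last query against your scheduled archive-and-purge jobs; deletions by an unexpected user or host are the ones to investigate.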

Summary

As a DBA, you want to make sure that your application environment is secure. This chapter provided you with the tools to enhance and refine the security options available in Oracle Database XE. While you can protect your enterprise data using Oracle’s built-in security, you are free to add another layer of protection in your Web-based PHP applications as well. Any robust security policy implements more than one layer of security to ensure that users are who they say they are (authentication), and that they are allowed to access various resources in your environment (authorization).

In the next chapter, we tie together your PHP applications with Oracle and show you how easy it is to connect to Oracle Database XE, query and modify database tables, retrieve database metadata, and format your database’s data to look good in a PHP application.  



 
 