
Spoofing Oracle session information

CIOL Bureau
Format : PDF
Type : Whitepaper
Length : 10 Page(s)
Language : English
With the exception of the database username, session ID, and timestamps, most session-level values can be easily manipulated by the user and are not reliable for security protections or audit trails.

Using sample code provided by Oracle, any skilled Oracle database administrator or developer should be able to create a simple Java program that sets all session values to arbitrary values with the exception of the database username, session ID, IP address, and timestamps.

The lack of reliability of the database session information must be carefully considered when designing security protections.
