Application User Auditing in DB

Ask a Question related to Coldfusion Database Access, Design and Development.

  1. Jon D. #1

    Default Application User Auditing in DB

    Does anyone know how you can pass the application user ID to the database for
    auditing purposes? We require auditing at the user level in the DB. The
    problem is you loose a significant portion of transaction auditing when you use
    connection pooling and multi-tier applications like CF. They are all logged at
    the datasource account account level, not the specific application user.
    Right now we are on MX6.1 and Oracle 9i
    Oracle's JDBC supports keeping track of the "application user" through
    CLIENT_IDENTIFIER but I am not sure how to access this through the CF
    framework.

    Any ideas or alternatives are greatly appreciated!

    Thanks!
    Jon

    Jon D. Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Auditing Controls
      I developed a checkin system for a hospital's guest rooms that also allows payments and refunds to be issued to guests. The IT department has asked...
    2. kdc ticket auditing
      Hi, I would like to audit the kdc ticket activity: I mean: I access IIS via kerberos, so I find in event viewer the 672 entry, then I have a 673...
    3. Auditing
      I can't turn off security auditing in the event viewer even with mmc console there is no local security policy snap in? Anybody got any ideas?
    4. Auditing Windows XP Registry
      Hello There, I can audit any of the Root Keys execpt for HKEY CLASSES ROOT. Would anyone know why the Audit pane for this root ker is greyed...
    5. Fine-grained auditing question
      I'm thinking about playing around with this and I have a few questions. All of the documentation I've read talks and shows how to use it for...
  2. zz3top #2

    Default Re: Application User Auditing in DB

    You'll need to solve two issues:

    1. Gettin the application user Id
    2. Implementing the code for Oracle:

    For the Oracle part, see proof of concept demo:
    [url]http://searchoracle.techtarget.com/tip/1,289483,sid41_gci910600,00.html[/url]

    For the application user id, you probably need to integrate with whatever
    security services you might use - Windows or Linux. A quick and dirty answer
    could be the CGI.AUTH_USER variable.

    zz3top Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139