How Prevent user with alter user privileges from changing password of sys and system users.

by Vazha Mantua 17. August 2011 10:26

Good Day My friends,

 

Today we will discuss about one small security issue for users which have an alter user privileges. Our Task is avoid from these users privileges changing password of system users.

In metalink we found article about this issue. Note id is 271077.1 , which tell us create system trigger for avoiding this case.

 

SQL> conn  / as sysdba
Connected.

SQL> CREATE or REPLACE TRIGGER prohibit_alter_SYSTEM_SYS_pass
AFTER ALTER on SCOTT.schema
BEGIN
IF ora_sysevent='ALTER' and ora_dict_obj_type = 'USER' and
(ora_dict_obj_name = 'SYSTEM' or ora_dict_obj_name = 'SYS')
THEN
RAISE_APPLICATION_ERROR(-20003,
'You are not allowed to alter SYSTEM/SYS user.');
END IF;
END;
/

Trigger created.

 

Now we can see a result:

SQL> conn scott/tiger
Connected.
SQL>alter user system identified by manager;
alter user system identified by manager
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5
SQL> alter user sys identified by manager;
alter user sys identified by manager
*
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-20003: You are not allowed to alter SYSTEM/SYS user.
ORA-06512: at line 5
SQL> alter user dbsnmp identified by dbsnmp;
User altered.

 

 

But There are one mistake , which found my student Mariam Kupatadze.

 

Password of user system changed. trigger works after alter user user, correct version is before alter for prevent changing password!

 

Finally we give you correct version of trigger:

SQL> CREATE or REPLACE TRIGGER prohibit_alter_SYSTEM_SYS_pass 
BEFORE ALTER on SCOTT.schema
BEGIN
IF ora_sysevent='ALTER' and ora_dict_obj_type = 'USER' and
(ora_dict_obj_name = 'SYSTEM' or ora_dict_obj_name = 'SYS')
THEN
RAISE_APPLICATION_ERROR(-20003,
'You are not allowed to alter SYSTEM/SYS user.');
END IF;
END;
/

Trigger created.

 

 

 

Tags: , , , , , , , , ,

Free Microsoft Press eBooks available in Amazon Kindle & Barnes & Noble Nook format

by Arman Obosyan 17. August 2011 09:54

From time to time Microsoft Press has been pleased to offer free downloadable eBooks available as either PDF or XPS files. We are now very happy to announce that five of these same eBooks can be downloaded in two additional formats, DRM-free EPUB and MOBI. These new formats enable you to read these eBooks on ereaders such as Amazon’s Kindle, Barnes and Noble’s Nook, Sony Reader and Kobo eReader, as well as on iOS devices such as the iPad. Of course these files can also be read with ereading apps for the various devices (and other reading applications like Adobe Digital Editions) on netbooks, laptops, and desktop PCs. The key difference between these formats and the previously-offered PDF and XPS files is that the text is “reflowable,” meaning that it recomposes depending on the width of the screen (or as you resize a Window). For reading on Kindles, Kindle apps, or the Mobipocket readers for various devices, use the MOBI files. For reading on most other ereaders and ereading apps, including Nook, Sony, and iPad, as well as on PCs, use the EPUB files.

  • Programming Windows Phone 7 by Charles Petzold (EPUB, MOBI)
  • Moving to Microsoft Visual Studio 2010 by Patrice Pelland, Pascal Paré, and Ken Haines (EPUB, MOBI)
  • Introducing Microsoft SQL Server 2008 R2 by Ross Mistry and Stacia Misner (EPUB, MOBI)
  • Introducing Windows Server 2008 R2 by Charlie Russel and Craig Zacker with the Windows Server Team at Microsoft (EPUB, MOBI)
  • Own Your Future, Update Your Skills with Resources and Career Ideas from Microsoft by Katherine Murray(EPUB, MOBI)

Tags:

Georgian case study video, Windows and Office Georgian LIPs

by Arman Obosyan 8. August 2011 10:05

Learn how Microsoft’s commitment to languages through the Windows and Office Georgian LIPs is helping students improve verbal kills, enabling older people to communicate and facilitating a connection to the world

Continue at Source…

More info about Microsoft Local Language Program

Tags:

Windows Phone 7 Guides for iPhone & Android Application Developers

by Arman Obosyan 7. August 2011 10:57

Windows Phone Guides for iPhone & Android Application Developers

Windows Phone Guides for iPhone Application DevelopersWindows Phone Guides for Android Application Developers

 

More info on Windows Phone Interoperability Web Page

Tags:

List of free Microsoft eBooks

by Arman Obosyan 6. August 2011 00:08

Tags:

Event Registration: Upcoming events in MCP-Club Tbilisi

by Arman Obosyan 3. August 2011 11:51

If you are registered user in Technical Community (UGSS) you probably receive registration email, if not, copy of registration email is bellow.

(registration is required if you planning to attend event, click on apt link below)

Upcoming events list

4 August, IT Pro Event
PR01: Lync 2010 Overview by Giorgi Jambazishvili
PR02: Enterprise Networks- Windows Server 2008 R2 Network Access Protection and Cisco Easy VPN Server by Kote Tvaltvadze and Sandro Galdava

IT Pro Event Registration

------------

5 August, Dev Event
PR01: Kernel Transaction Manager by Roman Akopov
PR02: One time password applications for Windows Phone 7 by Giorgi Alkhazishvili
PR03: Demo, Kinect for Windows Software Development Kit (SDK) by Arman Obosyan

Dev Event Registration

-------------

Please Note:

If you or your friend not yet registered in Technical Community (UGSS) then sign up today! to receive updates and news of upcoming events in MCP-Club Tbilisi

Visit http://mcp.community.ge registration instruction for more information or find us on Facebook http://facebook.com/MCP-Club-Tbilisi

The following message from your User Group Leader
Thank you!

http://mcp.community.ge

Tags:

Jinitiator for windows 7

by Vazha Mantua 29. July 2011 16:19

 

Good Day all,

 

Today we will discuss about problem which occurred when you migrated to new windows platform 7 or update IE version.

Oracle tell us that For new versions of IE , jinitiator is not supported , you should use Java instead of Jinitiator ! For oracle forms please use Java.

I Agree with it, because product Jinitiator is out of date!

 

But if you are not going to change method of using this product we found workaround which fix this issue.

 

 

Replace the jvm.dll in jinitiator directory (C:\Program Files\Oracle\JInitiator 1.3.1.22\bin\hotspot\) with this file http://files.getdropbox.com/u/3353/jvm.dll

In our case we use Jinitiator 1.3.1.22

It will help you.

Tags:

Two Day Seminar for IT Pro and Dev - 4 and 5 august

by David Ramishvili 28. July 2011 00:14

MCP Club Tbilisi აგრძელებს სემინარების ჩატარებას!

პირველად კლუბის არსებობის მანძილზე ჩატარდება 2 დღიანი სემინარი, პირველ დღე დაეთმობა IT Pro მიმართულებას, მეორე დღეს კი სემინარზე განხილული იქნება Development თემები.

 

ასე რომ, გელით ყველას!

 

4 აგვისტო IT Pro Event

დღის წესრიგი (Agenda):

18.45 – 19.00 სტუმრების შეკრება და რეგისტრაცია

19.00 – 19.20 მისალმება

19.20 – 20.10 მოხსენება Lync 2010 - Overviewგიორგი ჯამბაზიშვილი (სისტემური ადმინისტრატორი, იუსტიციის სამინისტრო)

20.10 – 20.20 Coffee-Break

20.20 – 21.10 მოხსენება Enterprise NetworksWindows Server 2008 R2 Network Access Protection and Cisco Easy VPN Server კოტე თვალთვაძე (CCIE #29360, Delta Systems) და - სანდრო გალდავა

21.10 – 21.20 მოხსენებების განხილვა

 

5 აგვისტო Dev Event

დღის წესრიგი (Agenda):

18.45 – 19.00 სტუმრების შეკრება და რეგისტრაცია

19.00 – 19.20 მისალმება

19.20 – 20.10 მოხსენება: Kernel Transaction Manager რომან აკოფოვი

20.10 – 20.20 Coffee-Break

20.20 – 21.10 მოხსენება: ერთჯერადი პაროლების აპლიკაცია Windows Phone 7-ზეგიორგი ალხაზიშვილი

21.10 – 21.20 მოხსენებების განხილვა

 

ადგილ მდებარეობა

სასწავლო ცენტრის „IT Knowledge“ ოფისი

ი. ჭავჭავაძის გამზირი, 17ა

------------------------------------------------

როგორც ყოველთვის შეგახსენებთ რა არის საჭირო რომ დაესწროთ MCP Club Tbilisi-ს სემინარს (თუ რაღათქმაუნდა რეგისტრაცია უკვე არ გაქვთ გავლილი):

1. გაიარეთ რეგისტრაცია, (თუ როგორ უნდა ეს, იხილეთ პოსტი: რა არის საჭირო რომ დაესწრო MCP Club Tbilisi-ის სემინარს?)

2. მოსაწვევი სემინარის ჩატარებამდე 1 კვირით ადრე მოგივათ ელ ფოსტაზე და დაადასტურეთ რომ დაესწერებით სემინარს

3. მობრძანდით და ისიამოვნეთ :)

Tags:

Step By step procedure for create 2-way replication for Oracle Databases

by Vazha Mantua 24. July 2011 13:49

Good Day All,

 

Today we will be talk about oracle streaming.

Oracle Streams is the flow of information either within a single database or from one database to another. Oracle Streams can be set up in homogeneous (all Oracle databases) or heterogeneous (non-Oracle and Oracle databases) environments. The Streams setup uses a set of processes and database objects to share data and messages. The database changes (DDL and DML) are captured at the source; those are then staged and propagated to one or more destination databases to be applied there. Message propagation uses Advanced Queuing mechanism within the Oracle databases.

 

Let see a example: It will be step by step procedure how create 2-way replica(master to master) between 2 oracle databases(Version 10.2.0.4).

We Have 2 identical Database, named ORCL and TEST.

For Step1-Step5 use database user named sys.

 

 

Step 1: Create stream administration user in both databases.

----------ORCL

create user streamadmin identified by streamadmin default tablespace users;

----------TEST

create user streamadmin identified by streamadmin default tablespace users;

Step 2: Required grants to the user streamadmin.

----------on both of the databases(ORCL&TEST)

grant dba,select_catalog_role to streamadmin;

Grants the privileges needed by a user to be an administrator for streams

begin

dbms_streams_auth.grant_admin_privilege('streamadmin',true);

end;

 

Step 3: We will use default HR schema for setting up this replication for table countries

Step 4: Check database parameters required for setting up stream replication

check job_queue_processes parameter , it should not be 0. Also you can set e global_names parameter true, but if you create database links exact as oracle SID’s value true is not necessary.

Step 5: Enable supplemental logging on the tables of the HR user in both of the databases

----------on both of the databases(ORCL&TEST)

ALTER TABLE HR.countries ADD SUPPLEMENTAL LOG DATA (ALL) COLUMNS;

 

Step 6: Create Database Links between the stream administrator users in the both databases.

Logon with streamadmin user…

----------ORCL

CREATE DATABASE LINK TEST CONNECT TO STREAMADMIN IDENTIFIED BY streamadmin USING 'TEST';

----------TEST

CREATE DATABASE LINK ORCL CONNECT TO STREAMADMIN IDENTIFIED BY streamadmin USING 'ORCL';

Step 7: Create Stream Queues under the streamadmin user to apply and capture the database changes to be replicated.

This also needs to be run on both databases as streamadmin user.

----------on both of the databases(ORCL&TEST)

begin

dbms_streams_adm.set_up_queue(queue_table => 'apply_q', queue_name => 'apply_q', queue_user => 'streamadmin');

end;

begin

dbms_streams_adm.set_up_queue(queue_table => 'capture_q',queue_name => 'capture_q',queue_user => 'streamadmin');

end;

Step 8: Setup data capture on both the databases:

Logon with streamadmin user…

----------on both of the databases(ORCL&TEST)

BEGIN

DBMS_STREAMS_ADM.add_table_rules

(table_name => 'HR.COUNTRIES'

,streams_type => 'CAPTURE'

,streams_name => 'CAPTURE_STREAM'

,queue_name => 'CAPTURE_Q'

,include_dml => TRUE

,include_ddl => TRUE

,inclusion_rule => TRUE

);

END;

Step 9: Setup data apply on both the databases:

Logon with streamadmin user…

----------TEST

BEGIN

DBMS_STREAMS_ADM.add_table_rules (

TABLE_NAME => 'HR.COUNTRIES',

STREAMS_TYPE => 'APPLY',

STREAMS_NAME => 'APPLY_STREAM',

QUEUE_NAME => 'APPLY_Q',

INCLUDE_DML => TRUE,

INCLUDE_DDL => TRUE,

SOURCE_DATABASE => 'ORCL');

END;

----------on ORCL

BEGIN

DBMS_STREAMS_ADM.add_table_rules (

TABLE_NAME => 'HR.COUNTRIES',

STREAMS_TYPE => 'APPLY',

STREAMS_NAME => 'APPLY_STREAM',

QUEUE_NAME => 'APPLY_Q',

INCLUDE_DML => TRUE,

INCLUDE_DDL => TRUE,

SOURCE_DATABASE => 'TEST');

END;

Step 10: Setup propagation process on both the databases:

It is basically setting up related between the capture process on one database and apply process on the other database.

Logon with streamadmin user…

----------on ORCL

BEGIN

DBMS_STREAMS_ADM.ADD_TABLE_PROPAGATION_RULES(

TABLE_NAME => 'HR.COUNTRIES',

STREAMS_NAME => 'ORCL_TO_TEST',

SOURCE_QUEUE_NAME =>'CAPTURE_Q',

DESTINATION_QUEUE_NAME => 'APPLY_Q@TEST',

INCLUDE_DML => TRUE,

INCLUDE_DDL => TRUE,

SOURCE_DATABASE => 'ORCL');

END;

----------on TEST

BEGIN

DBMS_STREAMS_ADM.add_table_propagation_rules(

TABLE_NAME => 'HR.COUNTRIES',

STREAMS_NAME => 'TEST_TO_ORCL',

SOURCE_QUEUE_NAME =>'CAPTURE_Q',

DESTINATION_QUEUE_NAME => 'APPLY_Q@ORCL',

INCLUDE_DML => TRUE,

INCLUDE_DDL => TRUE,

SOURCE_DATABASE => 'TEST');

END;

Step 11: Setup schema instantiation SCN on ORCL and TEST DB’s

----------on TEST

DECLARE

ISCN NUMBER;

BEGIN

ISCN := DBMS_FLASHBACK.GET_SYSTEM_CHANGE_NUMBER();

DBMS_APPLY_ADM.set_table_instantiation_scn@ORCL(source_object_name => 'HR.COUNTRIES',source_database_name => 'TEST',instantiation_scn => ISCN);

END;

----------on ORCL

DECLARE

ISCN NUMBER;

BEGIN

ISCN := DBMS_FLASHBACK.GET_SYSTEM_CHANGE_NUMBER();

DBMS_APPLY_ADM.set_table_instantiation_scn@TEST(source_object_name => 'HR.COUNTRIES',source_database_name => 'ORCL',instantiation_scn => ISCN);

END;

 

Step 12: Start capture and apply process:

Setting the disable_on_error parameter to ‘N’ allows the apply process to continue applying row LCRs even when it encounters errors. The default value is ‘Y’ which disables the apply process automatically on the first error encountered.

----------on both DBs

BEGIN

DBMS_APPLY_ADM.SET_PARAMETER (APPLY_NAME => 'APPLY_STREAM', PARAMETER => 'DISABLE_ON_ERROR', VALUE => 'N');

DBMS_APPLY_ADM.START_APPLY (APPLY_NAME => 'APPLY_STREAM');

DBMS_CAPTURE_ADM.START_CAPTURE (CAPTURE_NAME => 'CAPTURE_STREAM');

END;

------------------------------------------------------------------------

Now you can test your replication 2-way replication which means all changes for HR.COUNTRIES from ORCL DB shipped to TEST DB and , all changes from TEST DB shipped to ORCL DB

 

Useful view’s for monitoring process are:

 

dba_apply,

dba_apply_error,

dba_apply_progress ,

dba_apply_enqueue,

dba_capture,

dba_capture_parameters,

dba_capture_prepared_tables

 

 

 

 

 

Tags: ,

Logminer Gives Error - In Memory Undo is unsupported, What is In memory undo?

by Vazha Mantua 12. July 2011 13:44

 

 

Hello All,

Oracle uses undo segments for these proposes

Undo records are used to:

1. Roll back transactions when a ROLLBACK statement is issued

2. Recover the database

3. Provide read consistency

4. Analyze data as of an earlier point in time by using Oracle Flashback Query

5. Recover from logical corruptions using Oracle Flashback features

-----------------------------------------------------------------------------------------------------------------------

In Memory undo!

 

In 10G,Oracle begin use new feature called In memory undo know as IMU, instead of undo

segments, they use memory structure which store undo information. Oracle still creates undo because it must still provide commit, rollback, and read consistency capabilities.

This has many implications. Anytime an Oracle buffer is changed the associated change (called a redo vector) is written into the redo log buffer. Unfortunately,

even if an undo segment is changed its change must also be recorded in the redo log buffer. But since IMUs are not undo segments, their changes

do not generate redo! So IMU will reduce the amount of redo an instance generates.

When we use traditional undo segments for each change , in redo log buffer write information about change of buffer cache block and undo block!

Another amazing feature of IMU is when it comes time to transform the in-memory undo into undo segment format(commit complete),

multiple IMUs can be consolidated into a single undo segment write.

When we use IMU for each change, in redo log buffer write information only for buffer cache block and after when IMU flushed in redo log buffer wrote combine undo info.

As we know Oracle use IMU for small transaction, for large transaction it works with traditional undo segment, but we don’t know it exactly. if we find any article about it we will tell us!

 

 

--------------------------------------------------------------------------------------------------------------------------

Logminer Gives Error - In Memory Undo is unsupported!

 

Why logiminer Gives error?

We see that structure of redo entries is different, for IMU logminer can’t recover full picture of transaction in same time.

 

Now see on metalink, note ID 428167.1 which give us solution for avoid error “In Memory Undo is unsupported” in future!

1.Logminer cannot always populate all the fields of the v$logmnr_contents this is
because the redo may/may not have all the information that we need for every
column. Adding Supplemental Logging will help in more info being logged in the
redo being generated, helping populate more values. This can be done by the
following commands:
SQL> ALTER DATABASE ADD SUPPLEMENTAL LOG DATA (PRIMARY KEY,
UNIQUE INDEX) COLUMNS;
SQL> ALTER SYSTEM SWITCH LOGFILE;
Additionally, it is not unusual for 10g to generate more redo than previously
seen in earlier versions.

 


2: Logminer cannot always populate all the fields of the v$logmnr_contents this is because the redo
may/may not have all the information that we need for every column, you need to enable supplemental
logging on the database following Note 186150.1
Supplemental logging is required to receive reliable and consistent information from logminer.
Without supplemental logging enabled, the redo may not contain enough information
for LogMiner to construct the correct sql_redo (or any sql_redo in the case of in-memory undo, IMU).
LogMiner does not work with IMU and turning supplemental logging on disables IMU.
Please enable supplemental logging as per Note 186150.1 to eliminate these messages and update
whether you still encounter the UNSUPPORTED messages.

3: Logminer may not be able to find sql_redo for transactions that were created before supplemental
logging is enabled.
It will only work for redo's which contains information to extract the correct sql_redo

Tags: ,