Call: +44 (0)7759 277220 Call
tst_proxy_mult.sql
Home/tst_proxy_mult.sql
Download SQL script

tst_proxy_mult.sql

-- ---------------------------------------------------------------
-- tst_proxy_mult.sql
-- Pete Finnigan
-- 18-Nov-2010
--
-- This simple script demonstrates that proxy clients can connect
-- to more than one central account. So as an example a central
-- DBA or schema could be accessed by more than one client proxy
-- account. Conversly also a single client proxy account could be
-- used to access more than one central powerful account such as
-- a DBA and a SCHEMA account.
--
-- ---------------------------------------------------------------

spool tst_proxy_mult.lis

doc
	Connect as SYSTEM and remove the two proxy client accounts and the 
	two proxy schemas. 
	
	Re-create the four accounts
	
	We are going to connect to two schemas from one client and then 
	to one schema from two clients.
	
	Allow both clients to connect through one schema

	SQL> connect system/oracle1@//192.168.58.131:1521/orcl
	
	SQL> drop user p1_client cascade;
	SQL> drop user p2_client cascade;
	SQL> drop user p1_schema cascade;
	SQL> drop user p2_schema cascade;
	
	SQL> grant create session to p1_client identified by p1_client;
	SQL> grant create session to p2_client identified by p2_client;
	
	SQL> grant create session to p1_schema identified by p1_schema;
	SQL> grant create session to p2_schema identified by p2_schema;
	
	SQL> alter user p1_schema grant connect through p1_client;
	SQL> alter user p1_schema grant connect through p2_client;
	
#

pause


-- connect sys to admin
connect system/oracle1@//192.168.58.131:1521/orcl

-- remove the accounts
drop user p1_client cascade;
drop user p2_client cascade;
drop user p1_schema cascade;
drop user p2_schema cascade;


-- create two proxy end users
grant create session to p1_client identified by p1_client;
grant create session to p2_client identified by p2_client;

-- create two proxy schemas
grant create session to p1_schema identified by p1_schema;
grant create session to p2_schema identified by p2_schema;

-- allow both client to proxy through one schema
alter user p1_schema grant connect through p1_client;
alter user p1_schema grant connect through p2_client;

-- connect as both clients through schema 1

doc
	connect to each proxy client in turn and proxy to the central
	DBA account. This shows that a single shared DBA account can 
	be used by multiple clients
	
	
	SQL> connect p1_client[p1_schema]/p1_client@//192.168.58.131:1521/orcl
	SQL> @check
	
	SQL> connect p2_client[p1_schema]/p2_client@//192.168.58.131:1521/orcl
	SQL> @check


#
pause

connect p1_client[p1_schema]/p1_client@//192.168.58.131:1521/orcl
@check

connect p2_client[p1_schema]/p2_client@//192.168.58.131:1521/orcl
@check

doc 

	connect as SYSTEM and allow the second schema to be connected to by the
	first proxy client. This demonstrated that one client account can connect
	to multiple schema/DBA accounts
	
	SQL> connect system/oracle1@//192.168.58.131:1521/orcl
	
	SQL> alter user p2_schema grant connect through p1_client;
	
	SQL> select * from proxy_users;
	
	SQL> connect p1_client[p1_schema]/p1_client@//192.168.58.131:1521/orcl
	SQL> @check

	SQL> connect p1_client[p2_schema]/p1_client@//192.168.58.131:1521/orcl
	SQL> @check

#
pause

-- now allow one client, p1 to connect through schema 1 and 2
connect system/oracle1@//192.168.58.131:1521/orcl

alter user p2_schema grant connect through p1_client;

-- select out the proxy
select * from proxy_users;

-- connect now through bioth schemas
connect p1_client[p1_schema]/p1_client@//192.168.58.131:1521/orcl
@check
-- now the second
connect p1_client[p2_schema]/p1_client@//192.168.58.131:1521/orcl
@check


spool off
  • PFCLScan PFCLScan

    Simply connect PFCLScan to your Oracle database and it will automatically discover the security issues that could make your Oracle database vulnerable to attack and to the potential loss of your data.

    Learn more
  • PFCL Obfuscate PFCLObfuscate

    PFCLObfuscate is the only tool available that can automatically add license controls to your PL/SQL code. PFCLObfuscate protects your Intellectual Property invested in your PL/SQL database code.

    Learn more
  • PFCLCode PFCLCode

    PFCLCode is a tool to allow you to analyse your PL/SQL code for many different types of security issues. PFCLCode gives you a detailed review and reports and includes a powerful colour syntax highlighting code editor

    Learn more
  • PFCLForensics PFCLForensics

    PFCLForensics is the only tool available to allow you to do a detailed live response of a breached Oracle database and to then go on and do a detailed forensic analysis of the data gathered.

    Learn more
  • PFCLATK PFCLATK

    PFCLATK is a toolkit that allows detailed pre-defined policy driven audit trails for your Oracle database. The toolkit also provides for a centralised audit trail and centralised activity reporting

    Learn more
  • PFCLCookie PFCLCookie

    PFCLCookie is a useful tool to use to audit your websites for tracking cookies. Scan websites in a natural way using powerful browser driven scanner

    Learn more
  • PFCLSEO PFCLSEO

    We offer a number of web based services such as cookie audits, improving website ranking in search engines, locating broken links and hosting email and websites

    Learn more
  • PFCL Training PFCLTraining

    PFCLTraining is a set of expert training classes for you, aimed at teaching how to audit your own Oracle database, design audit trails, secure code in PL/SQL and secure and lock down your Oracle database.

    Learn more
  • PFCL Services PFCLServices

    Choose PFCLServices to add PeteFinnigan.com Ltd to your team for your Oracle Security needs. We are experts in performing detailed security audits, data security design work and policy creation

    Learn more
  • PFCLConsulting PFCLConsulting

    Choose PFCLConsulting to ask PeteFinnigan.com Limited to set up and use our products on your behalf

    Learn more
  • PFCLCustom PFCLCustom

    All of our software products can be customised at a number of levels. Choose this to see how our products can be part of your products and services

    Learn more
  • PFCLCloud PFCLCloud

    Private cloud, public cloud, hybrid cloud or no cloud. Learn how all of our services, trainings and products will work in the cloud

    Learn more
  • PFCLUserRights PFCLUserRights

    PFCLUserRights allows you to create a very detailed view of database users rights. The focus of the reports is to allow you to decide what privileges and accounts to keep and which to remove.

    Learn more
  • PFCLSTK PFCLSTK

    PFCLSTK is a toolkit application that allows you to provide database security easily to an existing database. PFCLSTK is a policy driven toolkit of PL/SQL that creates your security

    Learn more
  • PFCLSFTK PFCLSFTK

    PFCLSFTK is a toolkit that solves the problem of securing third party applications written in PL/SQL. It does this by creating a thin layer between the application and database and this traps SQL Injection attempts. This is a static firewall.

    Learn more
  • Products We resell PFCLReselling

    PeteFinnigan.com Limited has partnered with a small number of relevant companies to resell their products where they enhance or compliment what we do

    Learn more