Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Allowing a user read-only access to stored procedure source code"] [Next entry: "more info on DBMS_SYSTEM.KSDWRT"]

Oracle applications auditing

I was browsing the net in the last couple of days looking for articles and information about auditing functionality in Oracle in particular and auditing in general. I found a good paper about auditing Oracle applications on Integrigy's web site.

The paper I downloaded is called "Guide to auditing in Oracle applications" and covers how to implement auditing in the database and also in Oracle applications. It explains the features available, simple configuration steps and discusses best practices for auditing within Oracle applications.

The paper warns us that setting up audit in Oracle applications is complex and error prone but it can satisfy most organisations requirements. The paper also talks about the fact that most companies do not use its full capabilities because of the perceived complexity and performance issues. This is not true (performance issues) if audit is configured correctly. I also discussed some of the same issues in my paper "An introduction to simple Oracle auditing" written for security focus but this paper was aimed solely at the database not applications.

The paper is very well written and structured and gives a good overview of the audit features and how they can be used.