Getting the current SQL statement from SYS_CONTEXT using Fine Grained Auditing

The stand-off between Apple and the FBI has moved on. In essence both sides have taken it in turns to refuse to tell each other how to hack an iPhone.

Something else that tends to tell little or nothing in the face of repeated interrogation is SYS_CONTEXT(‘userenv’, ‘current_sql’).
If you’re fortunate enough to be running on Enterprise Edition however, a Fine Grained Auditing Policy will loosen it’s tongue.

Consider the following scenario.
You’ve recently got a job as a database specialist with Spectre.
They’ve been expanding their IT department recently as the result of their “Global Surveillance Initiative”.

There’s not much of a view from your desk as there are no windows in the hollowed out volcano that serves as the Company’s HQ.
The company is using Oracle 12c Enterprise Edition.

Everything seems to be going along nicely until you suddenly get a “request” from the Head of Audit, a Mr Goldfinger.
The requirement is that any changes to employee data in the HR system are recorded, together with the statement executed to change each record.
Reading between the lines, you suspect that Mr White – head of HR – is not entirely trusted by the hierarchy.

Whilst journalling triggers are common enough, capturing the actual SQL used to make DML changes is a bit more of a challenge.
Explaining this to Mr Goldfinger is unlikely to be a career-enhancing move. You’re going to have to be a bit creative if you want to avoid the dreaded “Exit Interview” (followed by a visit to the Piranha tank).

First of all though…. Continue reading

ORACLE Transactions and Fishing on the Underground

It’s that time of year again. Yes, it is the season to be snotty.
“Man-flu”, was Nurse Debbie’s considered medical opinion. Admittedly, she’s feeling a bit under the weather herself and, as we all know, “Bird-flu” is a far more serious condition.

I think I must have picked up this particular bug during my daily commute, which currently involves quite a lot of time on the Tube.

In order to pass the time in the morning crush that is the Northern Line, I’ve taken on a challenge from Simon.

He claims that, apart from St. John’s Wood, there is no other tube station that does not contain at least one letter from the word “Mackrel”.

Whilst this may seem a somewhat esoteric fact, it’s probably quite appropriate to look for bits of fish whilst wedged into a Tube train like a sardine.

The tube map itself includes station on the Overground Network as well as the DLR so, ironically, this does provide a bit of “wiggle-room” for my Mackrel search.

All of which serves to act as an example in the following exploration of how Oracle transactions work…
Continue reading