PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Oracle Technology Network: PHP Web Auditing, Authorization and Monitoring with Oracle Database

Note: This article was originally published at PHPDeveloper on 14 September 2010.
PHPDeveloper

On the Oracle Technology Network today there's a new article from Chris Jones about using the client identifier in the OCI8 PHP-to-Oracle connections to help with auditing, profiling and monitoring your Oracle database usage.

This "client identifier" can be used by Oracle Database to distinguish between individual web application users who all connect to the database using one common set of database credentials. For example, every page in a web site might physically connect to the database as the same database user PHPUSER. If two different people 'Chris' and 'Alison' are using the site, these two user names can be set as their respective client identifiers and be passed into the database.

He shows how to set these client identifiers via the oci_set_client_identifier function (and how you could use it in older versions of the OCI8 driver too). He provides a sample application to help you get a good overall picture complete with SQL to load the database and a basic login page to submit and pull that data back out.

He moves over to the database side where he talks about enabling auditing, pulling out the logged application ID and how to use this identifier to restrict access via a Virtual Private Database on the Oracle side.