DB2 - Problem description
Problem IC98130 | Status: Closed |
Parameter markers can unexpectedly be logged when auditing a table | |
Product: | |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 | |
Problem description: | |
When defining a database audit policy to audit EXECUTE category events, one can specify WITH DATA or WITHOUT DATA as part of the DDL. When WITHOUT DATA is specified, input data values provided for any host variables and parameter markers are not logged as part of the EXECUTE category. However, if such a policy is used to audit a table object, input data values provided for host variables and parameter markers could be logged unexpectedly.

Steps to reproduce the problem:
1) Edit repro.java to correct the url
2) $ javac repro.java
3) $ repro_tab.sh USERNAME PASSWORD
   --> will create the audit.tab.out file
   --> it records the parameter marker
=======================
type = CHAR data = A01 ;
=======================

----- repro_tab.sh ----------------
#!/bin/sh
# Audits table TEST with a WITHOUT DATA policy, runs repro.java,
# then archives and extracts the audit log into audit.tab.out.
if [ -z "$1" -o -z "$2" ] ; then
    echo "need USERID and PASSWORD." ; exit 1
fi

db2stop force
db2start
db2 drop db TESTDB
db2 -v create database TESTDB
db2 -v connect to TESTDB
db2 -v "create table test (col1 char(5), col2 char(5))"
db2 -v "insert into test values ('A01','AAAA')"
db2 -v "CREATE AUDIT POLICY EXECPOL CATEGORIES EXECUTE WITHOUT DATA STATUS BOTH ERROR TYPE NORMAL"

# audit the table ######
db2 -v "audit table TEST using policy EXECPOL"

java repro "$1" "$2"

db2audit flush
db2audit archive database TESTDB
ARCFILE=`ls -1 $HOME/sqllib/security/auditdata | tail -1`
db2audit extract file audit.tab.out from files $ARCFILE
echo "see audit.tab.out file."
---------------------

----- repro.java ----------------
import java.sql.*;

class repro {
    public static void main (String argv[]) {
        try {
            Connection con = null;
            Class.forName("com.ibm.db2.jcc.DB2Driver");
            String url = "jdbc:db2://hidehy.ibm.com:50000/TESTDB";
            if (argv.length == 2) {
                String userID = argv[0];
                String passwd = argv[1];
                con = DriverManager.getConnection(url, userID, passwd);
            } else {
                throw new Exception("\n Usage: java repro userID password\n");
            }

            // The value bound to this parameter marker is what appears in the audit log.
            PreparedStatement pStmt = con.prepareStatement(
                "SELECT COL2 " +
                "FROM TEST " +
                "WHERE COL1 = ?");
            pStmt.setString(1, "A01");
            ResultSet rs = pStmt.executeQuery();
            while (rs.next()) {
                System.out.println("COL2 = " + rs.getString(1));
            }
            rs.close();
            pStmt.close();
            con.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
--------------------------------------
Problem summary: | |
****************************************************************
* USERS AFFECTED:                                              *
* DB2 UDB Version 10.1                                         *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See Error Description                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Upgrade to Version 10.1 FixPack 4.                           *
****************************************************************
Local fix: | |
When the same audit policy is used to audit the entire database, the parameters are not logged. In repro_tab.sh, use db2 -v "audit database using policy EXECPOL" instead of db2 -v "audit table TEST using policy EXECPOL". | |
Available Fix Packs: | |
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows | |
Solution | |
Problem was first fixed in DB2 UDB Version 10.1 FixPack 4. | |
Workaround | |
none known / see Local fix | |
Bug tracking | |
Predecessor : APAR is sysrouted TO one or more of the following: IC98255 Successor : | |
Additional data | |
Date - problem reported : | 04.12.2013 |
Date - problem closed : | 03.06.2014 |
Date - last changed : | 03.06.2014 |
Problem fixed as of the following versions (IBM BugInfos) | |
Problem fixed according to the FixList in version | |
10.1.0.4 |
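
To confirm that the Local fix or Fix Pack 4 took effect, the audit.tab.out file produced by the reproduction steps can be checked for logged input values. The following is an added example, not part of the APAR or of IBM's tooling: the function name `check_audit_extract` is hypothetical, the `statement text` line in the sample is constructed, and the only assumed record layout is the `type = ... data = ... ;` excerpt shown in the problem description.

```shell
#!/bin/sh
# Added example (not from the APAR). Assumption: a logged input value shows up in
# the extracted report as "type = <SQLTYPE> data = <value> ;" as in the excerpt
# above; the two fields may share a line or sit on consecutive lines.

# check_audit_extract FILE
# Prints "<line> <type> len=<n>" for every logged value, without echoing the value
# itself, so the check does not copy the data into yet another log.
# Returns 0 if no value was found, 1 if at least one was, 2 if FILE is unreadable.
check_audit_extract() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        {
            line = $0
            # Remember the latest "type = X"; "data = ..." may follow on a later line.
            if (match(line, /type[ \t]*=[ \t]*[A-Za-z_]+/)) {
                last_type = substr(line, RSTART, RLENGTH)
                sub(/^type[ \t]*=[ \t]*/, "", last_type)
                line = substr(line, RSTART + RLENGTH)
            }
            # Only a "data =" that belongs to a preceding "type =" counts.
            if (last_type != "" && match(line, /data[ \t]*=[ \t]*/)) {
                value = substr(line, RSTART + RLENGTH)
                sub(/[ \t]*;.*$/, "", value)      # drop the field terminator
                printf "%d %s len=%d\n", NR, last_type, length(value)
                found++
                last_type = ""
            }
        }
        END { exit (found > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample report: one statement record followed by a logged parameter.
sample=$(mktemp)
cat > "$sample" <<'EOF'
statement text = SELECT COL2 FROM TEST WHERE COL1 = ?
=======================
type = CHAR data = A01 ;
=======================
EOF
if check_audit_extract "$sample"; then
    echo "no input data values in extract"
else
    echo "extract contains input data values"
fi
rm -f "$sample"
```

Run against the real audit.tab.out after switching to `audit database using policy EXECPOL` or after applying the Fix Pack, a return code of 0 indicates that the WITHOUT DATA setting is being honoured.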