Home » RDBMS Server » Security » auditing DB access through ColdFusion (CFML 9, DB
auditing DB access through ColdFusion [message #589840] Thu, 11 July 2013 05:55
John Watson
Messages: 8593
Registered: January 2010
Location: Global Village
Senior Member
Has anyone set up auditing for a ColdFusion application, that will capture the end user's identity? Not just the CF database logon?
CF uses the usual model: a pool of persistent database sessions, supporting many browser sessions. Details of the end user can be stored as a set of session variables (there is a cookie, or something, that connects browser to the correct set) and I can use them to set a context and a client_id. But the problem is that CF has a multi-threading model that applies within a session: if one page request from the browser invokes several queries to generate the page, it is possible that each query could go to a different pooled connection. So I would need to set the client_id for each query - which would mean, in effect, re-writing the entire application to wrap every query inside a procedure.
I know this question may have to go to a CF forum, but I wanted to try here first, in case anyone has done it before, or can suggest anything.
Thank you for any insight.
Previous Topic: How to find the user and ipaddress from oracle database
Next Topic: windows authentication and connection in Oracle
Goto Forum:

Current Time: Sun Sep 19 05:36:57 CDT 2021