[rt-users] How can I detect unauthorized changes to RT?
Jesse Vincent
jesse at bestpractical.com
Thu Mar 30 09:53:34 EST 2006
> Another possibility might be database triggers on update for the
> tables you want to watch. Don't know well that works with mysql but
> it worked fine for a similar problem on oracle that had nothing to do
> with RT. They used a trigger to update an audit table that was scanned
> on a regular basis.
That would assume that an attacker couldn't exploit the database below
the SQL level to modify things.
> I don't remember if the trigger copied the original entry to an
> alternate table or not to allow reverting the change. I remember it
> being discussed but not the outcome.
>
> --
> -- rouilj
>
> John Rouillard
> System Administrator
> Renesys Corporation
> 603-643-9300 x 111
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
>
> We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
>
--
More information about the rt-users
mailing list