System Generated Session ID

Similar Messages

• Does SQL Server 2008 R2 recognize only system-generated session identifiers,

  As part of the locking down of our system we are doing the Security Technical Implementation Guide (STIG) and one of the questions it asks is "The DBMS must recognize only system-generated session identifiers."
  I have looked at the STIG version for SQL Server 2012 and this is not a finding on it, since it supports the requirement and cannot be configured out of compliance.
  If anyone can help confirm that this is also the case with SQL Server 2008 R2 that would be very helpful.
  Thank you, Darren
  The discussion of it is:
  This requirement focuses on communications protection at the application session, versus network packet level. The intent of this control is to establish grounds for confidence at each end of a communications session in the ongoing identity of the other
  party and in the validity of the information being transmitted.
  Unique session IDs are the opposite of sequentially generated session IDs which can be easily guessed by an attacker. Unique session identifiers help to reduce predictability of said identifiers. 
  Unique session IDs address man-in-the-middle attacks including session hijacking or insertion of false information into a session. If the attacker is unable to identify or guess the session information related to pending application traffic, they will have
  more difficulty in hijacking the session or otherwise manipulating valid sessions.
  The DBMS must only recognize only system generated session identifiers. If an attacker was able to generate a session with a non-system generated session identifier and have it be recognized by the system, the attacker could potentially gain access to the
  system without passing through access controls designed to limit database sessions to authorized users.

  Hi Darren,
  From your description, do you mean the session_id from DMV sys.dm_exec_sessions? If so, the session_id(s) are all created and handled by SQL Server. When session_id <= 50 , it belongs to a system session, and when session_id > 50, it belongs to a user
  session.
  Below query could help you generate system sessions in SQL Server 2008 R2. Refer to :
  Explore the secrets of session- sys.dm_exec_sessions.
  SELECT
  S.SESSION_ID,
  S.STATUS,
  S.HOST_NAME,
  C.CLIENT_NET_ADDRESS,
  CASE WHEN S.LOGIN_NAME = S.ORIGINAL_LOGIN_NAME THEN S.LOGIN_NAME ELSE S.LOGIN_NAME + ' (' +S.ORIGINAL_LOGIN_NAME + ')' END AS LOGIN_NAME,
  S.PROGRAM_NAME,
  C.CONNECT_TIME, -- DIFFRENT BETWEEN CONNECT & LOGIN TIME IS TIME TAKEN BY PRELOGON ACTIVITIES
  S.LOGIN_TIME,
  CASE S.TRANSACTION_ISOLATION_LEVEL
  WHEN 0 THEN 'UNSPECIFIED'
  WHEN 1 THEN 'READUNCOMITTED'
  WHEN 2 THEN 'READCOMMITTED'
  WHEN 3 THEN 'REPEATABLE'
  WHEN 4 THEN 'SERIALIZABLE'
  WHEN 5 THEN 'SNAPSHOT'
  ELSE CAST(S.TRANSACTION_ISOLATION_LEVEL AS VARCHAR(32))
  END AS TRANSACTION_ISOLATION_LEVEL_NAME,S.LAST_SUCCESSFUL_LOGON, -- REQUIRES 'COMMON CRITERIA COMPLIANCE ENABLED' OPTION VIA SP_CONFIGURE.
  S.LAST_UNSUCCESSFUL_LOGON, -- REQUIRES 'COMMON CRITERIA COMPLIANCE ENABLED' OPTION VIA SP_CONFIGURE.
  S.UNSUCCESSFUL_LOGONS, --REQUIRES 'COMMON CRITERIA COMPLIANCE ENABLED' OPTION VIA SP_CONFIGURE.
  S.CPU_TIME AS CPU_TIME_MS,
  S.MEMORY_USAGE AS MEMORY_USAGE_PAGES,
  S.ROW_COUNT,
  S.PREV_ERROR,
  S.LAST_REQUEST_START_TIME,
  S.LAST_REQUEST_END_TIME,
  C.NET_TRANSPORT,
  C.PROTOCOL_TYPE,
  S.LANGUAGE,
  S.DATE_FORMAT,
  ST.TEXT AS QUERY_TEXT
  FROM
  SYS.DM_EXEC_SESSIONS S
  FULL OUTER JOIN SYS.DM_EXEC_CONNECTIONS C ON C.SESSION_ID = S.SESSION_ID
  CROSS APPLY SYS.DM_EXEC_SQL_TEXT(C.MOST_RECENT_SQL_HANDLE) ST
  WHERE
  S.SESSION_ID IS NULL
  OR S.SESSION_ID < = 50
  ORDER BY
  S.SESSION_ID
  Thanks,
  Lydia Zhang

• The table name for the system generated transactions (Retained Earnings).

  Hi Gurus,
  I have a doubt and want to know from U experts there. Hope you won't let me down. The situation is
  I have created a new chart of account in our Oracle Financial. Uploaded 2007 transactions and opened year 2008 and closed all the periods of year 2007.
  When I open a new year Oracle will do internal process transfer R&L balance to Retained Earnings account and make income & expenses accounts to Zero.
  I want to know the system generated entries which table they are stored, this transaction is not in Gl_Balances table.
  Its an urgent plz reply back soon.
  Thanks in advance
  Barkat

  Hello.
  For EBS 11.5.10.2
  Let’s suppose that the last period of you fiscal year is called ‘LAST-2008’ (not adjusting period). If you have an account with a debtor balance of 100 in this period, when you open the following fiscal year you will find an entry of 100 in the first adjustment period of the fiscal year that the ‘LAST-2008’ period belongs to, in the column BEGIN_BALANCE_DR.
  It is clear that if the balance is creditor you will find it in the BEGIN_BALANCE_CR column.
  Hope this helps.
  Octavio

• Confusion over nested tables and system generated nested tables

  Hi,
  I have been reading other threads about nested tables, naming and updating them etc, but I have what seems
  to me some odd behaviour.
  I modified my schema to set the attribute xdb:maintainDom to be false for a collection and then registered
  the schema with the generate tables option defaulted to true. The result was that I had to add xdb:tableProps
  attributes specifying nested table storage at each element above the collection element, this was because Oracle
  was creating tables at each level. So I have this kind of thing:
  <xsd:element name="BibPt" xdb:SQLType="BIBPT_T"
    xdb:defaultTable="BIBPT"
    xdb:tableProps="NESTED TABLE XMLDATA.PTEES.PTEE_SEC.PTEE STORE AS NESTED_PTEE_SEC
  NESTED TABLE XMLDATA.INVS.INV STORE AS NESTED_INV_BIBPT TABLESPACE BIBLIO">
  <xsd:element name="Ptees" xdb:SQLType="PTEES_T" xdb:tableProps="NESTED TABLE
  XMLDATA.PTEE_SEC.PTEE STORE AS NESTED_PTEE_SEC2">When I did this the nested tables were created, but when I loaded data never had anything in them. Instead
  I found that nestes tables with systems generated names like "SYSNTxxxxxxxxx" has been created that contained
  the data.
  When I registered the schema without the tables being generated, I created a table with this syntax:
  create table poc_wip2 of xmltype
  xmlschema "http://www.derwent.co.uk/wpi.xsd" element "WPI"
  NESTED TABLE XMLDATA."BibPt".PTEES.PTEE_SEC.PTEE STORE AS NESTED_PTEE_SEC
  NESTED TABLE XMLDATA."BibPt".INVS.INV STORE AS NESTED_INV_BIBPT(Thanks to a posting by Sam Monsarrat which showed me this was possible).
  Now I had my named nested tables, which contained the data after it was loaded and no system named
  nested tables.
  So why the difference?
  In the first instance why do my named nested tables stay empty and why does the data go into system
  generated tables I have no control over as regards tablespace placement?
  Is it possible to have a XML schema registered that only generates tables that I have named with the defaultTable
  attribute, rather than all or nothing?
  And last but not least, what's the best approach for this, since I want to be able to access the data via indexes
  on the nested tables.
  Thanks
  Pete

  Hi Pete
  Would you please publish the schema you are using?
  Thanks,
  Tobias

• How do I add validation to a system-generated Selection Screen?

  As HR ABAPers know, using the Logical Database approach (I'm using PNPCE) gives you a system-generated Selection Screen.  Part of the specs I have for this report involves making sure that the begin and end dates for the period selected are for a two-week period.  If not, I should display an error message until the user enters a period such that the period (pn-begda and pn-endda) reflect a two-week period.
  The code for the validation is easy enough, and I put it in the AT SELECTION-SCREEN event.  But here's the problem -- the code fires every time the user clicks the "Reporting Period" drop-down box, never giving the user a chance to specify a two-week period.  It fires because pn-begda and pn-endda are still all zeroes.  Even if I select "Other Period" from the drop-down list, the text boxes to allow me to specify the begin and end dates don't appear.
  I've been working on this for quite a while, trying all kinds of things, but I'm spinning my wheels now.  I just want that check to happen when the user clicks the Execute button on the Selection Screen, not when he/she is still trying to enter criteria.  I'm thinking screen field validation for a system-generated Selection Screen has to be a pretty common thing, and there must be a good solution out there.
  Any ideas?

  Rich,
  Absolutely beautiful -- that's exactly what I needed to learn.  Thank you so much.
  Rob, I thought about that.  I even proposed to the users that I could default in a two-week range beginning with today, exactly as you suggested, but they didn't want that.  They felt that this report would more often than not be run to reflect data from two-week periods not necessarily starting today.  Still thought it was a good idea, but that's their call. _
  Again, thanks Rich.  Points awarded.

• Urgent-how to run 'alter system kill session 'sid, serial#' in form 6i ?

  I want to write a procedure in Form 6i so that user can kill the session by herself.
  I know kill session sql is 'alter system kill session 'sid, serial#'', however, I fould that I can only run it it sql plus screen, how can I run it in Form or in Stored procedure?
  Urgent....Please!

  try using Forms_ddl('alter system......'); in the forms. it will execute the dml statements in the form.
  zaibi.

• System generated index property not generated in database

  Hi,
  I created an offline table by copying it from an (first) online database to my project. The table contains a unique key constraint, which references a system generated index. Now I used this offline table to generate a table in another (second) online database. This all works well except, that the "System Generated" property of the index is "false" and not "true" as in the offline table (and the first online database). When I manually reconcile the same table to the second online database again, there is always a difference shown for this index property. When I try to continue the reconcile process to change this property I get an error message, that the index cannot be dropped because it is obviousely referenced by the unique constraint.
  When I drop the constraint and try to generate the index only I get the following warning message:
  Jan 11, 2012 2:08:59 PM oracle.javatools.db.property.AbstractPropertyManager processDiffs
  WARNING: Unsupported property: systemGenerated
  Is there a way to work around this annoying behavour? Is it possible to change this index property by an ALTER INDEX statement?
  Im using JDeveloper 11.1.2.1.0 (Build JDEVADF_11.1.2.1.0_GENERIC_110907.2314.6081)
  Thanks for help and hints
  Thomas
  Edited by: thmayr on 11.01.2012 05:08

  Hi,
  it might be due to some BUG in RDBMS...
  First Check the Secondary index in TEST system
  Look at the Transport Number in DEV system, If this is having error, then it will show you the error details also,
  If that not moved Properly then you need to create another request for the INDEX and move it again
  See the threads with similar problem...
  Warning: Index does not exist in database system MSSQL
  Index does not exist in database system ORACLE??????
  Re creation of database index
  Hope it will solve your problem...
  <b>Reward Points if useful</b>
  Thanks & Regards
  ilesh 24x7

• Can system update session files be deleted?

  It seems to me ThinkVantage System Update must be keeping everything it downloads.
  I now have on my T60 about 7000 files (2.5GB) of files under
  C:\Program Files\Lenovo\System Update\sessions.
  Does that function not clean up after itself?
  Can any of these files be safely deleted?
  It is ridiculous to increasingly consume disk space like it does.
  Thanks. 
  Solved!
  Go to Solution.

  You can delete everything except system, temp, QuestResponse.xml, and updates.ser. If you delete those, System Update won't be able to start.

• How to block changes in system generated Plan orders

  Hi,
  As after MRP RUN we get Planned order generated by the system,  with type LP  , I have a requirement that system generated plan order quanity cannot be cnhage by the user if plan order is generated for quanity 85  user should not make it 100 no quality chnages,  also the manual plan order type LP cannot be create manully it should be creat by system only,  and for manul other type of plan order type should be use,
  How to do this.
  regards,
  zafar

  Hi
  Firming can be used when you don't want certain planned orders to change during subsequent MRP runs.
  Say today you have created certain palnned orders.
  In a normal scenario, when you do the MRP run again, the planned order may get changed if the requirements have changed.
  However as a normal business practice, it is not desired to change the production plans everytime there is a change in the requirement...especially in the immediate future (maybe a week or so).
  We set this as the planning time fence depending on the MRP type settimg in the material master, you may have firm orders.
  MRP will also generate firm planned orders for materials with MRP type P1 to P4.
  In addition to the above, any planned order that is manually changed is also firmed.
  Hope this may help
  Regards
  BRSR

• System generated cancellation charge but I was out...

  I have a cancellation charge on my final bill that shouldn't be there.
  I spoke to someone at BT and explained that I renewed then cancelled my contract straight away by email within the cooling off period as per consumer protection regulations, before deciding to move to another provider through an approved process.
  He said not to worry as the letters were system generated and to get in contact again to have the charge removed if it appeared on my final bill.
  It did appear on my final and I emailed to get it amended but no-one has done so, or replied to me.
  I've heard there are Mods on here who can move things along a bit.
  Please help!

  Once the Forum Mods have read your post they will post an invite here once you reply to them they will take personal ownership of the problem until resolved
  do not send them a Personal Message as this is the incorrect contact method and cannot be properly tracked also the mod contacted may not be on shift for sometime and this will delay your help
  The forum mods normally reply within3/5 working days after you have contacted them
  They will contact you personally by email or phone
  If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

• How to generate sessions manually in Oracle

  Guys can anybody tell me how I can automatically generate sessions by using some codes rather manually triggering sessions.
  See I'm going to implement a multithreading tool by running the tool on different sessions but on a single instant. So I have to run the scripts manually. So I'm unable to run it at the same time. So can anybody tell me how I can generate multiple sessions at the same time & I can run my tool at same time on different sessions(bt in single instant) so that multiple threads(cursors) in multiple sessions can start at same time. So I can check my multithreading tool's performance?

  A new feature in Oracle8i called autonomous transactions allows you to make and
  save (or roll back) changes within a single PL/SQL block—without affecting the outer or main transaction.
  To make a PL/SQL block an autonomous transaction, simply include this statement in the declaration section of the block:
  PRAGMA AUTONOMOUS_TRANSACTION;
  You can use this statement in any procedure and function and in any non-nested
  anonymous block.
  Example
  create table audit_tab (uname varchar2(30), dt date, msg varchar2(4000));
  create or replace trigger emp_trigger
  before update of SAL on emp
  for each row
  declare
       -- this pragma will allow our trigger to commit and
       -- capture an audit trail record. We can then fail
       -- the triggering statement, preventing the update from
       -- occurring
       pragma autonomous_transaction;
       l_cnt     number;
  begin
       -- this query just makes sure the empno being updated
       -- is a person who reports to the employee doing the update.
       -- connect by is a nice way to build this hierarchy.
       -- since the where clause is processed after the hierarchy
       -- is built, we can easily use exists on this
       select count(*)
       into l_cnt
       from dual
  where exists ( select empno
                 from emp
                 where empno = :new.empno
                 start with mgr =
                 (select empno from emp where ename=USER)
                 connect by prior empno = mgr );
       -- If the exists returns no rows, we have attempted
       -- to update someone who does not work for us. We
       -- will audit the attempt as well as fail the attempt.
       -- the employee salary will not be updated and we will
       -- have a record of the attempt
       if ( l_cnt = 0 )
       then
       insert into audit_tab values ( user, sysdate,
            'Attempt to update salary of ' ||
            :new.ename || '-' || :new.empno);
       commit;
       raise_application_error( -20001,
            'You have tried to do something you should '||
            'not have and we know it');
       end if;
  end;
  Trigger created.
  Benefits
  With autonomous transactions, you can write and save messages in an database log without affecting the main transaction.
  You can execute from SQL PL/SQL functions that change the database.
  You can write PL/SQL components or cartridges that behave nicely in a distributed
  computing environment.
  Khurram Siddiqui

• System generated column names

  Version - Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
  I see some system generated column names(like SYS_C00009_13061211:44:57$,SYS_C00033_13061211:44:57$) in ALL_TAB_COLS view for a partitioned table, not sure how they got created in the first place and tabledoesn't have any virtual columns. Is it something if we drop a column from table and oracle trying to keep them in the dictionary? when i describe the table these "SYS_C00" columns are not showing.
  I am trying to exchange the partition with staging (similar structure) table, but i end up with this error "
  14097. 00000 -  "column type or size mismatch in ALTER TABLE EXCHANGE PARTITION"
  *Cause:    The corresponding columns in the tables specified in the
             ALTER TABLE EXCHANGE PARTITION are of different type or size
  *Action:   Ensure that the two tables have the same number of columns
             with the same type and size."
  Any suggestions would be appreciated.
  Thanks,
  sg

  I have found my solution to this problem.
  My table is compressed table and when i try to drop some of the columns oracle marking them as unused(SYS_CO with timestamp) instead of dropping them. For partition exchange i have created same number of columns as original table in the same order and marked the "dropped" columns as unused on a temporary table. Now i can able to exchange the partition with out any issues
  Thanks to Jonathan and Connor.
  EXCHANGE PARTITION those pesky columns | Learning is not a spectator sport

• How to work around System Generated ID's - GUID?

  Hello Experts:
  We are facing a challenge in our CPROJECTS and CRM modules.
  All the objects are getting assigned a unique 32 character system generated ID which is linked to the actual object. This makes navigation and troubleshooting even more complex.
  My questions are these:
  1. What is the significance of this methodology of assigning System generated ID's (GUID's)? Why do we need these system generated ID's?
  2. How can we convert the objects from internal ID format to external ID format? Is there a function module that would allow us to do that?
  3. All the business content extractors are designed to extract in the internal ID format. What do we do to configure the extractors to use external ID format.
  Any helpful answer will be rewarded.
  Thanks
  MP.

  Hi,
  did you find a workaround concerning this topic? Having the same issue in SRM - BW implementation
  kind regards,
  Steven

• Do we need to create process chain explicitly nor system generates process

  Hi all,
  Do we need to create process chain explicity in bpc netweaver nor the system generates it internally when we run data managment packages
  thanks
  Pooja

  When you install BPC, there is a set of delivered process chains which are installed as well.  You create the data manager packages from the BPC Excel clicent based on these process chains.  You can of create custom BPC process chains in NetWeaver and create packages from those as well(for example via a How-To guide).   So to answer your question, no, you do not have to create the "standard" process chains, and they are not generated by the system either, they are delivered as part of the BPC installation.
  Regards,
  Rich Heilman

• System generated emails - how to include a mandatory prefix for all email

  Good morning.
  I have been asked if there was a way to default a Security Classification into the Subject Line of all SAP system generated emails.
  Examples "[UNCLASSIFIED] Please approve Purchase Order 123456" or "[UNCLASSIFIED] Please approve Absence for Fred Smith".
  I can have the individual code of the Programs that generate the Subject Texts but is there a way to have this default for ALL emails?
  Thanks
  David

  Hi David,
  This one sounds like the one for the Basis guy to look at. They should be able to configure (default) this prefix in the EMAIL/SMTP node(s) as viewed in transaction SCOT. The changes should be done from the IMG (SPRO).
  Regards.