RE: Stop using SYS, SYSTEM?

From: Jesse, Rich <Rich.Jesse_at_qtiworld.com>
Date: Wed, 12 Nov 2003 13:39:26 -0800
Message-ID: <F001.005D673C.20031112133926@fatcity.com>


And as Arup's Oracle Magazine's DBA of the Year for 2003, he's probably right.

Congrats, Arup!

Rich

Rich Jesse                           System/Database Administrator
rjesse_at_qtiworld.com                  Quad/Tech Inc, Sussex, WI USA


> -----Original Message-----
> From: Arup Nanda [mailto:orarup_at_hotmail.com]
> Sent: Wednesday, November 12, 2003 3:14 PM
> To: Multiple recipients of list ORACLE-L
> Subject: Re: Stop using SYS, SYSTEM?
>
>
> Ron,
>
> It is a good practice, in general, to stop using SYS and SYSTEM accounts for
> everyday use. The simplest rule of thumb is accountability somehow increases
> many times over when you link a database named user to a physical person,
> not an ethereal entity like SYS. This is especially true if you use auditing
> and turn on SYSDBA auditing; but even if you don't, sometimes the use of
> specific named users puts people on the alert when they do something
> potentially dangerous and can avoid accidents.
>
> The other reason of not using SYS is to avoid accidental creation of objects
> in SYS and SYSTEM schema. The best option is to lock SYSTEM user and never
> let SYS user. Unfortunately you can't lock the SYS user.
>
> Third, you can create default tablespaces for all these DBA users to hold
> their objects, specifically temporary/occasional tables (not the global
> temporary tables), test tables, etc. and all those will not get into SYSTEM
> tablespace.
>
> Perhaps I should mention here that I also conduct database security
> audits for corporations. But unlike your auditors, I tend to follow the
> advice up with more detailed information :)
>
> Arup Nanda
> www.proligence.com

Received on Wed Nov 12 2003 - 15:39:26 CST
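
The three points in the quoted message (named DBA accounts, locking SYSTEM and auditing SYS, a non-SYSTEM default tablespace) can be sketched in SQL as follows. This is an added example, not part of the original thread; the account name JSMITH_DBA, the tablespace DBA_WORK and the password are constructed placeholders, and it assumes the DBA_WORK and TEMP tablespaces already exist and the instance uses an spfile.

```sql
-- Added example: JSMITH_DBA, DBA_WORK and the password are constructed placeholders.
-- Assumes tablespaces DBA_WORK and TEMP already exist.

-- 1. One named account per administrator, so actions map to a person.
--    The default tablespace keeps scratch and test tables out of SYSTEM.
CREATE USER jsmith_dba
  IDENTIFIED BY "Placeholder_Pw_1"
  DEFAULT TABLESPACE dba_work
  TEMPORARY TABLESPACE temp
  PASSWORD EXPIRE;            -- forces a password change at first login

GRANT dba TO jsmith_dba;

-- 2. Lock SYSTEM. SYS cannot be locked, so audit its operations instead.
ALTER USER system ACCOUNT LOCK;

-- Static parameter: takes effect after the next instance restart.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 3. Checks to run afterwards.

-- Account status and default tablespace of the accounts touched above.
SELECT username, account_status, default_tablespace
  FROM dba_users
 WHERE username IN ('SYS', 'SYSTEM', 'JSMITH_DBA');

-- Other accounts whose objects would still land in the SYSTEM tablespace.
-- Oracle-supplied accounts may appear here; review each row.
SELECT username, account_status
  FROM dba_users
 WHERE default_tablespace = 'SYSTEM'
   AND username NOT IN ('SYS', 'SYSTEM');

-- Objects created in the SYS or SYSTEM schema in the last 30 days.
-- Patches and upgrades create objects too, so compare against change records.
SELECT owner, object_name, object_type, created
  FROM dba_objects
 WHERE owner IN ('SYS', 'SYSTEM')
   AND created > SYSDATE - 30
 ORDER BY created DESC;
```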
