| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Database security
I think that we are chasing the wrong problem here. If there is a
possible problem with the sysadmin interfearing with the Oracle database
than a few things have not been done properly.
1. It was not explained properly what the job responsabities are and
that team work is required.
2. the importance of the Oracle database and who is responsable for the
database.
3. The hiring practice need a review and rework.
4. The wrong person was hired as the sysadmin.
I would lean towards 4. if there is a question about the sysdamin
"fiddling" with the Oracle database.
Ron
>>> hkchital_at_singnet.com.sg 03/17/2004 10:40:47 AM >>>
The "backup" is the manager/ IT Security Officer who has the password
[or
the two halves of the password]
written down on a piece of paper , such paper being placed in a
FireProof Safe.
So what happens if the manager / IT Security Officer decides to take a
"peek" at the password ?
Hemant
At 10:30 AM 17-03-04 -0400, you wrote:
>Er... what happens if one of the two people gets hit by a bus?
>
>Just curious.
>
>Patrice.
>-----Original Message-----
>From: Whittle Jerome Contr NCI [mailto:Jerome.Whittle_at_scott.af.mil]
>Sent: March 17, 2004 10:14 AM
>To: oracle-l_at_freelists.org
>Cc: ian_at_slac.stanford.edu
>Subject: RE: Database security
>
>You'd have to hire guards to shoot anyone entering the No Lone Zone
solo.
>Reminds me of my aircraft maintenance days in the military. Of course
the
>stakes were MUCH higher then.
>Jerry Whittle
>ASIFICS DBA
>NCI Information Systems Inc.
>jerome.whittle_at_scott.af.mil
>618-622-4145
>-----Original Message----- From: MacGregor, Ian A.
>[SMTP:ian_at_slac.stanford.edu] There is also the idea of two-man
>control. No one is allowed sole access to the machine room. No one
knows
>the entire root/admin or dba password. I know of many places which
>implement two-man control for physical security, but none that have
>carried it to the computer security level. It would be so
burdensome.
>
>Ian MacGregor Stanford Linear Accelerator Center ian_at_slac.stanford.edu
><<mailto:ian_at_slac.stanford.edu>mailto:ian_at_slac.stanford.edu>
Hemant K ChitaleOracle 9i Database Administrator Certified
Professional
http://hkchital.tripod.com {last updated 24-Jan-04}
"If you wish to leave your footprints on the sand, do not drag your
feet"
-- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Wed Mar 17 2004 - 09:55:57 CST
 |
 |