
RE: Using TOAD on production databases

From: Mercadante, Thomas F <thomas.mercadante_at_labor.state.ny.us>
Date: Wed, 18 Aug 2004 07:54:39 -0400
Message-ID: <543DF856D23431489D4B8028C300FBAB08AC93AB@exchsen0a1mb>


My point is that by suggesting such a security policy, you may be giving the lesser-experienced DBAs an idea that it is the correct way to go. In no database is this a correct policy.

The tool is not the problem here. Correct security policy is the tool. And as you said, security by obscurity is no security at all.

Tom Mercadante
Oracle Certified Professional

-----Original Message-----

From: Jesse, Rich [mailto:Rich.Jesse_at_quadtechworld.com]
Sent: Tuesday, August 17, 2004 4:25 PM
To: oracle-l_at_freelists.org
Subject: RE: Using TOAD on production databases

I understand and agree with your position, but it wasn't the point -- the point was allowing the sometimes dangerous ease of TOAD into a production DB with hopefully the least amount of destructive ability. It may be construed as security-through-obscurity (which is not security at all), but in some cases, it has its place. It's orders of magnitude easier for a TOAD user to accidentally drop all tables in a schema than it is in SQL*Plus. And the Schema Browser is an accident that's waiting to happen. He11, I'm just happy that 9i doesn't allow an account with DELETE ANY TABLE to muck up the DD! :)

Rich

-----Original Message-----

Sent: Tuesday, August 17, 2004 1:59 PM
Subject: RE: Using TOAD on production databases

Rich,

Why in the world go through all of this? Why not do it the right way?
Why not use Oracle security as it is designed - do not grant any more access than a person needs.

I'll bet you $100. Go ahead and set up security based on denial of access from Toad. Give me an Oracle account with full access to the database. And I'll be selling your database's data on eBay in about 10 minutes.

It is simply foolish to attempt to apply security policy on an Oracle database based on the tool that a person connects with. Foolish and a waste of time.

Hope this helps.

Tom Mercadante
Oracle Certified Professional



Please see the official ORACLE-L FAQ: http://www.orafaq.com

To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line.
--

Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html

Received on Wed Aug 18 2004 - 06:52:09 CDT
