Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: ODBC and database security

RE: ODBC and database security

From: Post, Ethan <Ethan.Post_at_ps.net>
Date: Fri, 3 Dec 2004 12:11:53 -0600
Message-ID: <83FCA77436D6A14883E132C63F4101D001D47B5D@pscdalpexch50.perotsystems.net>


You should be aware that program such as MS Access and such frequently store the user name/passwords in the connect strings in plain text. Programs such as Access can be very valuable in the hands of the right user for reporting, moving data etc...however, all too often it ends up in the hands of very evil users who write really weird macros which do things like put your entire 20GB database in an Excel file every night.=20

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Kip.Bryant_at_Vishay.com
Sent: Friday, December 03, 2004 11:54 AM To: Meenakshi.Aggarwal_at_fishersci.com
Cc: oracle-l_at_freelists.org
Subject: Re: ODBC and database security

IMHO the real security issue is with the oracle client install. Sorry if the
following is too obvious... You need to be certain that the DBA utilities are=20
never installed and that the sqlnet config can't be changed so as to avoid=20
system probing. And everyone has changed all default passwords, right? ;-)
Then the remaining issue would be account administration...what your password=20
controls are...(length, content, expiration, sharing of accounts...).

Kip

|Hi All,

|Can anybody share what are database security issues when using ODBC
(set up
|on client PCs).

|Thanks

|--
|http://www.freelists.org/webpage/oracle-l

--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Dec 03 2004 - 12:10:16 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US