
Re: OT - SarBox paranoia prevention ?

From: Mladen Gogala <gogala_at_sbcglobal.net>
Date: Sun, 20 Feb 2005 04:52:19 +0000
Message-Id: <1108875139l.6556l.0l@medo.noip.com>


Comments in-line.

On 02/19/2005 09:25:12 PM, Chip Briggs wrote:
> Thanks for the laughter, help, and ideas :)

Same here.

> On an IBM mainframe running MVS, a system
> programmer had to specify which datasets
> could contain executable code that could be
> run with operating system authorization.
> Seems like a conceptually similar setup is
> needed for applications to prevent use of
> unauthorized code on application data.
> Compounding this security issue is ongoing
> verification and authorization of programs
> on all platforms (how to prevent a rogue
> executable from impersonating authorized
> production application code).

The whole problem is of a religious nature. Most software systems establish the
role of Lord Almighty, who grants privileges and smites sessions. In the IBM world,
it was the system programmer, Unix has roots, Oracle has a DBA. All those software
systems are of monotheistic nature and imply only a single point of authority. What
needs to be rediscovered are polytheistic systems like the one of the ancient Greeks.
My personal favorites were Bacchus and Aphrodite. In such a system, the DBA would be just
the first among the equals, the bridge builder, the pontifex maximus. Hmmm, when I
come to think of it, that could also lead to some trouble.

--
Mladen Gogala
Oracle DBA

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Feb 19 2005 - 23:55:20 CST
