Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Does this happen to you at work?

Re: Does this happen to you at work?

From: Oracle <>
Date: Wed, 11 May 2005 11:51:04 +0800
Message-ID: <003301c555dc$a9edd7b0$0200a8c0@ncs.corp.intads>

I think Jared mean the security is in terms of your intelectual property, the creator use very weird name so that very difficult for someone to learn (or copy part of their work)

On 5/10/05, Jared Still <> wrote:
> On 5/10/05, stephen booth <> wrote:
> > I'm currently in the process of putting together a standards document
> > for Oracle databases and am including a passage stating that databases
> > shall have meaningful names relating to their purpose.
> Why is that better than meaningless names?
> Consider a database hosting 3 different unrelated applicatons.

Whilst I wouldn't go so far as to say that we would never have such a database, it would be very unlikely. Far more likely would be three different instances (and associated databases) on the same box, each instance named for the application it hosted. Should that situation arise we would make a decision as to how to deal with it.

> Meaningful names can also be considered a security risk,
> just as they are with servers.

Security through obscurity, what you're talking about there, is really over rated. If you're remotely competant about general network security (firewalls, federation &c) then the depth of penetration a cracker would have to get where your database names being meaningful would be an issue would mean they'd almost certainly be in a position to put packet sniffers on your network and key stroke loggers on your desktops. Why do they need to worry about working out your database names when they can watch your users type in their passwords and follow the packets to their destination?

Of course if your network and desktop security is good then you're on the look out for anomalies that would indicate sniffing and your desktops are locked down enough to minimise the chance of a keystroke logger being sucessfully installed and to make it obvious if one is.

Your biggest security hole is the people who use your systems, and they already know how to get onto your systems.

Also what would be meaningful to me and my collegues might be utterly incomprehensible to an outsider. As Mike Schmitt said, they have to be meaningful to the the people who need to know, not to everyone.


It's better to ask a silly question than to make a silly assumption.

Received on Tue May 10 2005 - 23:55:08 CDT

Original text of this message