Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Security Questions

RE: Security Questions

From: MacGregor, Ian A. <ian_at_slac.stanford.edu>
Date: Tue, 24 Jan 2006 14:49:27 -0800
Message-ID: <7F24308CD176594B8F14969D10C02C6C8A0626@exch-mail2.win.slac.stanford.edu>


Before revoking those privileges
You should run code to check if the package is called by anyone else

Select distinct owner from dba_dependencies Where referenced_name = 'DBMS_RANDOM';

Then grant the privileges directly to those "owners". Any oracle created user you are not using should be locked, its password changed, and expired.

Ian MacGregor
Stanford Linear Accelerator Center
ian_at_slac.stanford.edu  

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of J. Dex Sent: Tuesday, January 24, 2006 7:25 AM
To: oracle-l_at_freelists.org
Subject: Security Questions

For those of you who have had security audits, I am wondering about a couple of things.....

Does it matter if standard Oracle roles are NOT password protected? Does it only need to be non-standard roles that are password protected?

PUBLIC typically has some execute privileges, dbms_random, etc. Will it adversely effect anything if those privileges are revoked?



On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Tue Jan 24 2006 - 16:49:27 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US