| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle 9i on Windows 2003 -- Vulnerability Question
'If an intruder gets to you database server, the game is pretty much
over isn't it? '
Yes, it is.
Thanks,
Estifan
-----Original Message-----
From: Jared Still [mailto:jkstill_at_gmail.com]
Sent: Thursday, November 30, 2006 6:39 PM
To: Panosian, Estifan
Cc: Oracle-L Freelists
Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question
On 11/30/06, Panosian, Estifan <EPanosian_at_edc.ca> wrote:
Hello,
I am trying to make our database more secure, one of the scenarios we
came up is: 'what if an internal hacker (somehow) gets to our databaseserver?'
If an intruder gets to you database server, the game is pretty much over isn't it?
Aside from encrypting the data so that is not accessible by simple SELECT statements (Oracle Advanced Securityt, Data Vault) the intruder pretty much has free reign.
Or perhaps you're just referring to the Oracle Instance itself as the server? In that case, if your database has not been patched to the Oct 2006 CPU level, then any account with a SELECT privilege on a table will have the ability to perform DML on your data. If your version of Oracle is an old one that is no longer patched, there's not much you can do to prevent this.
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- http://www.freelists.org/webpage/oracle-lReceived on Fri Dec 01 2006 - 09:43:20 CST
 |
 |