RE: DBA's as idiots
Date: Mon, 2 Jun 2008 18:50:43 -0400
This is quite true in most vendor-provided/supported applications. They still use default passwords everywhere in their application code and never agree to change them, regardless of security holes. On top of it, those applications are treated as 'validated applications' in the pharma industry, so no access is given to change them.
Rafiq

> Date: Mon, 2 Jun 2008 16:40:43 -0500
> Subject: Re: DBA's as idiots
> From: firstname.lastname@example.org
> To: email@example.com
>
> I called a vendor out on that situation once. While they didn't grant DBA
> to their application schema, they did explicitly (and inexplicably) grant
> SELECT on USER$ to it. When the vendor profusely denied my assertion that
> their app schema had DBA privs, I offered to show them how, but not before I
> was labeled an obstructionist. Silly security is such an obstruction!
>
> My offer never was accepted. It's unfortunately still probably that way
> today. Hopefully those with the app password don't know how to Google...
>
> Rich
>
> > I have been on both sides of that conversation. And I have been where this
> > DBA may well have been, that is coming up on an implementation date, getting
> > ready to go live with real data, and no one especially the vendor has
> > bothered to document the reason for all those privileges (like DBA on
> > occasion) granted to the application user. And when everyone is too busy to
> > document why privileges have been granted, I have often been tempted to do
> > what this DBA appears to have done, that is revoke all privileges until
> > someone can explain why they have been granted. Wanting to keep my job, I
> > have never actually done this, but I have often been tempted.... Though in
> > these days of Sarbanes-Oxley, I could definitely see it happening more
> > often. I would rather explain why privileges were revoked today, than
> > explain to an accountant 6 months down the road why the privileges were
> > granted in the first place.
>
> --
> http://www.freelists.org/webpage/oracle-l
Received on Mon Jun 02 2008 - 17:50:43 CDT