Re: Privileges by session
Date: Fri, 8 Jan 2010 12:23:15 +0100
Have you seen auditors actually use tooling to perform password sanity checks on databases subject to Sarbanes-Oxley, HIPAA, PCI or any number of other legislated security policies?
I have seen big shops where fancy database compliancy reports, created by the DBAs, were just about enough to let the auditors say "Ok, compliant!" Motto: business comes first, security second.
2010/1/7 Jared Still <jkstill_at_gmail.com>
> On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
> wblanchard_at_societyinsurance.com> wrote:
>> I have convinced management to allow me to grant read-only access to the
>> developers. The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls. Is there a way
>> via a
> Is there some reason the obvious solution won't work?
> That is, change the passwords.
> It would seem the applications in question are not subject to
> HIPAA, PCI or any number of other legislated security policies.
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com