Re: Would you recommend such an application for production use?

From: Kellyn Pedersen <kjped1313_at_yahoo.com>
Date: Wed, 17 Feb 2010 21:08:56 -0800 (PST)
Message-ID: <670399.83828.qm_at_web32005.mail.mud.yahoo.com>



Creating objects in the SYS schema?  Them's fightin' words in my book...  Take the chance and fragment my SYSTEM tablespace with non-system objects?  Someone had better be ready to do some serious explaining to me... :(
 

As for applications granting too much access, utilizing the schema owner as the application login and other similar poor security choices, it often stems from laziness - plain and simple.  These application developers didn't want to take the time to find out what permissions were actually necessary to utilize the features in Oracle or what it would require to create an application login and then handle the security at the application level, etc., etc...
 

I'd say - 98% of the time, if you have the opportunity to work with the vendor or developer, set the boundaries and security requirements for accessing your database environment, you will find that the application will work just fine with proper application logins, proper roles, (vs. granting DBA or granting to public or other option.)  Getting them to agree to try it the first time?  Yeah, that's usually the biggest hurdle... :)
 

I've hardened a number of applications vs. what the vendor/developer TOLD me were the requirements.  The one that I could not remove grants from public?  Esri's Arc SDE, so I'm going to have to put a disclaimer on that one...  (darn public grants checked and exited if not found by the front end application....grumble, grumble...:))

Kellyn Pedersen
Multi-Platform DBA
I-Behavior Inc.
http://www.linkedin.com/in/kellynpedersen www.dbakevlar.blogspot.com
 

"Go away before I replace you with a very small and efficient shell script..."

On Wed, 2/17/10, Martin Bach <development_at_the-playground.de> wrote:

From: Martin Bach <development_at_the-playground.de>
Subject: Would you recommend such an application for production use?
To: "ORACLE-L" <oracle-l_at_freelists.org>
Date: Wednesday, February 17, 2010, 2:20 PM

Dear listers,

I tried to come up with a good name for this post but couldn't. So here goes the story:

I have been asked to review a product that management is _very_ keen to deploy in production. Unfortunately before this can happen it has to go through a change management process which implies that "troublemakers" like me can raise their concerns that need addressing. For a change I have access to the source code of the application which makes it even more interesting.

I discovered a number of things I don't like but was wondering what you thought about these - maybe I'm just pedantic? Among the most terrifying ones are:

  • The installation script creates a user (default username = password) and grants select privileges on the dictionary to the new application user with grant option.

This is not too great but not too difficult to harden.

  • the installation script furthermore creates objects in the sys schema, namely create view foo as select * from someX$view

This is disturbing for me

  • the owner of the application schema grants almost complete access on its schema to public. The rationale is that the application needs to allow a user logging into the database through the frontend access to its schema

Now since the software is used for monitoring the health of a web application through the tiers - including Oracle - anyone with connect privileges could access these data...

Did anyone have a similar experience? What did you do?

Interested to hear comments!

Martin

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Feb 17 2010 - 23:08:56 CST
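
The review points raised in this thread (objects created in SYS, dictionary access granted with grant option, schema grants to PUBLIC, over-broad roles) can be checked from the data dictionary. The SQL*Plus script below is an added example, not part of either message; the schema name `APPMON` and the install date are constructed placeholders.

```sql
-- Added example: SQL*Plus audit of the grants described in this thread.
-- APPMON and the install date are constructed placeholders.
DEFINE app_user     = APPMON
DEFINE install_date = 2010-02-01

-- 1. Objects the installer may have created in the SYS schema.
--    Heuristic: anything in SYS created on or after the install date;
--    patches and upgrades applied since then will also show up.
SELECT object_name, object_type, created
FROM   dba_objects
WHERE  owner = 'SYS'
AND    created >= TO_DATE('&install_date', 'YYYY-MM-DD')
ORDER  BY created;

-- 2. SYS-owned objects (dictionary views included) granted directly to
--    the application user; GRANTABLE = 'YES' means WITH GRANT OPTION.
SELECT table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner   = 'SYS'
AND    grantee = '&app_user'
ORDER  BY grantable DESC, table_name;

-- 3. What the application schema has granted to PUBLIC.
SELECT table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  owner   = '&app_user'
AND    grantee = 'PUBLIC'
ORDER  BY table_name, privilege;

-- 4. Roles and system privileges held by the application user
--    (DBA or any "ANY" privilege needs a justification).
SELECT 'ROLE' AS kind, granted_role AS name, admin_option
FROM   dba_role_privs
WHERE  grantee = '&app_user'
UNION ALL
SELECT 'SYSTEM PRIVILEGE', privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = '&app_user'
ORDER  BY 1, 2;
```

Run it as a user that can read the `DBA_*` views, before and after hardening, and keep both outputs with the change request.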
