Re: CREATE DATABASE LINK privilege discussion
From: Yechiel Adar <adar666_at_inter.net.il>
Date: Mon, 31 Oct 2011 07:31:55 +0200
Message-id: <4EAE32CB.2020404_at_inter.net.il>
body p { margin-bottom: 0cm; margin-top: 0pt; } I read with interest this discussion but I failed to see the problem. Let him create all the dblinks in the world, but do not grant him create session or select on production tables.
You can tell the manager about the latest big security breach that unveiled last week in Israel.
A worker in a government computer center had access to production and he downloaded and sold the citizen registry of the whole country. If you give connect and select privilege production to developers you open upa HUGE security breach.
We daily copy and scramble production data for use by developers. I suggest you try to do it this way.
Yechiel Adar Israel
On 29/10/2011 17:20, Taylor, Chris David wrote: I am curious how many of you grant your developers the 'CREATE DATABASE LINK' privilege in 10g or higher? We have a production read-only account that is setup to provide support for troubleshooting production support issues and one of my developers (out of approximately 20 devs) created a database link from a development database toproduction for his application.
Date: Mon, 31 Oct 2011 07:31:55 +0200
Message-id: <4EAE32CB.2020404_at_inter.net.il>
body p { margin-bottom: 0cm; margin-top: 0pt; } I read with interest this discussion but I failed to see the problem. Let him create all the dblinks in the world, but do not grant him create session or select on production tables.
You can tell the manager about the latest big security breach that unveiled last week in Israel.
A worker in a government computer center had access to production and he downloaded and sold the citizen registry of the whole country. If you give connect and select privilege production to developers you open upa HUGE security breach.
We daily copy and scramble production data for use by developers. I suggest you try to do it this way.
Yechiel Adar Israel
On 29/10/2011 17:20, Taylor, Chris David wrote: I am curious how many of you grant your developers the 'CREATE DATABASE LINK' privilege in 10g or higher? We have a production read-only account that is setup to provide support for troubleshooting production support issues and one of my developers (out of approximately 20 devs) created a database link from a development database toproduction for his application.
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Oct 31 2011 - 00:31:55 CDT