Re: Hiding data model

From: Stefan Knecht <knecht.stefan_at_gmail.com>
Date: Thu, 29 Jan 2015 12:27:11 +0700
Message-ID: <CAP50yQ8u3gg4Jg-D+z+TDtRn30kAhd40A=DFvaoi0iT5nLmfgg_at_mail.gmail.com>



Have a look at Database Vault. Expensive, but the only way to restrict what SYS can or can't do.

Stefan
On Jan 29, 2015 11:36 AM, "Harmandeep Singh" <singh.bedi_at_gmail.com> wrote:

> Thanks all for the inputs. I am going to use your inputs as perfect
> support to my answer
>
> Best Regards,
> Harmandeep Singh
>
> On Thu, Jan 29, 2015 at 3:56 AM, MARK BRINSMEAD <mark.brinsmead_at_gmail.com>
> wrote:
>
>> Indeed.
>>
>> There have been many times where I have contacted software vendors to
>> report errors in their application code, or even their design. And to
>> supply the fixes.
>>
>> Why would you choose to cut yourself off from thousands of free
>> troubleshooters, some of whom are probably better than any you can afford
>> to keep on your own payroll?
>>
>> That aside, a common side-activity for DBAs is to *evaluate*
>> potential software purchases. When faced with competing products, one with
>> a well-documented data model and the other with a "closed" or "obfuscated"
>> data model, I will always favour the open one. The better I am able to
>> understand a product, the better I am able to support it.
>>
>> You can be certain that an obfuscated data dictionary will shut you
>> out of at least some sales opportunities.
>>
>>
>> On Wed, Jan 28, 2015 at 3:15 PM, Hans Forbrich <fuzzy.graybeard_at_gmail.com
>> > wrote:
>>
>>> On 28/01/2015 4:39 AM, Harmandeep Singh wrote:
>>>
>>>> Hi Experts,
>>>>
>>>> We are having data model for our product, which we do not want to
>>>> expose to our customers. That is we want even the DBA of customer with sys
>>>> privileges should not understand /access the data model( like table
>>>> definitions, columns ).
>>>>
>>>> I am aware of options like VPD, which is data level security feature as
>>>> per my understanding.
>>>>
>>>> Please let me know your thoughts
>>>>
>>>> Thanks,
>>>> Harmandeep Singh
>>>>
>>>>
>>> One solution - put the protection into the contract. Model leaks out,
>>> you get to sue the customer.
>>>
>>> Otherwise, realize that the data dictionary (which is different from,
>>> albeit related to, the data model) is the primary tool the DBA has to
>>> ensuring your product can be secured and tuned.
>>>
>>> The DBAs are actually on your side. Why tick them off?
>>> /Hans
>>> --
>>> http://www.freelists.org/webpage/oracle-l
>>>
>>>
>>>
>>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 29 2015 - 06:27:11 CET

Original text of this message