Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Help! I'm accused of breaching security!

Re: Help! I'm accused of breaching security!

From: Brian Peasland <peasland_at_edcmail.cr.usgs.gov>
Date: Thu, 3 Feb 2000 13:52:16 GMT
Message-ID: <38998810.CD5B825F@edcmail.cr.usgs.gov> 






> It would also depend on what you were told you were allowed to do.  If you


> were given permission to use the PC for your assignments which used


> MS Access, then you don't automatically get to use other things on the PC.


> 


> As an analogy, if you have access to the company van then it doesn't mean


> you get to help your friend move house.





I kindly have to disagree. If I had the capability to limit what you can
do with the company van and I didn't give you any limitations, then when
you go outside the invisible boundaries I should share the brunt of the
blame since I'm responsible for the use of the van. Giving someone
access to the database is not enough. If it were, why don't we grant the
DBA role to everyone and then hope that they don't do things they are
not supposed to? Oracle has many methods to limit security and it is the
DBA's responsibility to implement and enforce the security. In my
opinion, the DBA is reponsible for ensuring that users can only do the
things that they are allowed to do. I've been in this industry long
enough to know that many users are curious and find all aspects of
computers fascinating. Users will poke around, play, and test the
boundaries. That's not something I want happening to my database.  



> Also depends on what you were doing.  If someone has access to a PC so


> they can browse the web, and then goes to the DOS prompt and types delete


> \*.* then it's going to look pretty suspicious, and one would suspect they


> aren't just "learning" about the PC.





This is a better example in which someone was apparently being
malicious. But once again the PC does not have the capability of
limiting what a user can and can not do with it. Most things on a PC can
be recovered or re-installed should a malicious user do just this
operation. But data is a different story. It can be very difficult if
not impossible to recreate lost data. And data is more valuable to the
organization than a specific point of entry to the data. 



Just my opinions,


Brian
Received on Thu Feb 03 2000 - 07:52:16 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US