Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: DBA leaving sql*plus unattended: security risk?

Re: DBA leaving sql*plus unattended: security risk?

From: Daniel A. Morgan <dmorgan_at_exesolutions.com>
Date: Thu, 15 Mar 2001 19:30:15 -0800
Message-ID: <3AB188C7.1A689C22@exesolutions.com> 






> I was wondering if it is a security risk if a dba (or someone

> else with dba rights) leaves the sql*plus console unattended

> for a short while. I am not refering to immediate risk but

> such that can be exploitet much later. Specifically, what comes

> to my mind is: creating a procedure/function that, when invoked,

> gives the invoker dba rights (like a setuid program under unix).

>

> Are there such risks or not?




The answer is so obvious I am amazed you asked the question.



Let me rephrase what you wrote:



Is it a security risk to leave unattended an access point that could be
used to compromise 100% of the data, corrupt it, delete it, drop every
schema, drop every tablespace, and even drop the database not to mention
probably taking out most of the host server's operating system.



My answer: Of course not. <g>



Daniel A. Morgan
Received on Thu Mar 15 2001 - 21:30:15 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US