Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: DBA leaving sql*plus unattended: security risk?

Re: DBA leaving sql*plus unattended: security risk?

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 16 Mar 2001 06:06:20 -0800
Message-ID: <socu24tq04j.fsf@rwessman-sun.us.oracle.com> 






There definitely is a risk. One should never leave a session unattended, as
someone could do any amount of damage, both immediate and future.



"Rene Nyffenegger" <rene.nyffenegger_at_audatex.KEINESPAM.ch> writes:



> Hi everyone

> 

> I was wondering if it is a security risk if a dba (or someone

> else with dba rights) leaves the sql*plus console unattended

> for a short while. I am not refering to immediate risk but

> such that can be exploitet much later. Specifically, what comes

> to my mind is: creating a procedure/function that, when invoked,

> gives the invoker dba rights (like a setuid program under unix).

> 

> Are there such risks or not?

> 

> TIA


> Rene

> 

> 

> 

 

-- 
                                Thanks,
                                Rick
                                Rick Wessman
                                Server Security Group
                                Oracle Corporation
                                rwessman_at_us.oracle.com

     The opinions expressed above are mine and do not necessarily reflect
                         those of Oracle Corporation.


Received on Fri Mar 16 2001 - 08:06:20 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US