Re: DBA leaving sql*plus unattended: security risk?

Daniel,

I don't like to be rude, but both your replies in this thread have been what I can only describe as rather patronizing.

These newsgroups are here for people seeking help and wishing to discuss the relevant topics.

Now.... why isn't that PL/SQL procedure working properly...?

Nick

"Daniel A. Morgan" <dmorgan_at_exesolutions.com> wrote in message news:3AB188C7.1A689C22_at_exesolutions.com...
> > I was wondering if it is a security risk if a dba (or someone
> > else with dba rights) leaves the sql*plus console unattended
> > for a short while. I am not refering to immediate risk but
> > such that can be exploitet much later. Specifically, what comes
> > to my mind is: creating a procedure/function that, when invoked,
> > gives the invoker dba rights (like a setuid program under unix).
> >
> > Are there such risks or not?
>
> The answer is so obvious I am amazed you asked the question.
>
> Let me rephrase what you wrote:
>
> Is it a security risk to leave unattended an access point that could be
> used to compromise 100% of the data, corrupt it, delete it, drop every
> schema, drop every tablespace, and even drop the database not to mention
> probably taking out most of the host server's operating system.
>
> My answer: Of course not. <g>
>
> Daniel A. Morgan
>
Received on Mon Mar 19 2001 - 12:34:02 CST