Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: oracle 9i connection string with SYS account

Re: oracle 9i connection string with SYS account

From: Knut Talman <knut.talman_at_mytoys.de>
Date: Tue, 4 Jun 2002 18:35:15 +0200
Message-ID: <adiqc1$c86$1@crusher.de.colt.net> 





> > Do not use SYS, create a new user. If the user needs access to sys

objects


> > grant dba to the new user.




> I would argue that you should never grant DBA to any user. DBA is just a

package


> of privileges that have no relationship to anything but are a great way to

> compromise system security. If you need to grant access to all tables then

GRANT



> SELECT ANY TABLE though it would be better to grant SELECT on specific

objects


> on an as-needed basis.

>

> And don't get me started about CONNECT. I think Oracle should rethink the

entire


> concept of the CONNECT role and preferably dump it. The first thing I do

to a


> new database after changing the SYS and SYSTEM passwords is drop CONNECT

and


> create a role that actually provides appropriate access. To many people

think


> CONNECT is the privilege to connect to the database and that just isn't

the


> case.




Full ACK. But the original poster will nuke his database anyway.



Regards,



Knut
Received on Tue Jun 04 2002 - 11:35:15 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US