Re: I found the light

DA Morgan <damorgan_at_psoug.org> wrote:

> > What I would like to know is what is it, particularly, about Oracle
> > that makes it compliant with these rules and regulations? I'm sure
> > that an Oracle server has as much potential to be sloppily
> > administered as a PostgreSQL one.
 

> The ability to audit all inserts, updates, and deletes no matter
> who does them, no matter the interface, no matter the authority,
> even if done by expert DBAs and operating system administrators.
> That capability does not exist in ANY open source RDBMS of which
> I am aware.

Could you give me an idea as to how this is done? Surely there must be at least one person who has the SYS/SYSTEM password and can remove all traces of what s/he has done? What is the mechanism stopping this?

It certainly wouldn't be possible using Firebird/Interbase - my "toy" database of choice - basically security there involves not letting a baddie get his hands on the physical file, but a dba (not really a concept that exists for FB/IB - in reality a programmer) could easily change any data s/he wanted by removing a logging trigger, doing what they want, and replacing the trigger after the dirty deed was done. The baddie might have to change the system time for the duration of the breakin, but I can safely say that for any version of FB and IB (not latest), I could do anything and not be traced. My knowledge of PostgreSQL is limited.

What's stopping this in Informix? DB2? MS SQL Server? Sybase?

Paul...

-- 

plinehan __at__ yahoo __dot__ __com__

XP Pro, SP 2, 

Oracle, 9.2.0.1.0 (Enterprise Ed.)
Interbase 6.0.1.0;

When asking database related questions, please give other posters 
some clues, like operating system, version of db being used and DDL.
The exact text and/or number of error messages is useful (!= "it didn't work!").
Thanks.
 
Furthermore, as a courtesy to those who spend 
time analysing and attempting to help, please 
do not top post.