Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

From: Karen Hill <karen_hill22_at_yahoo.com>
Date: 6 Sep 2006 16:01:11 -0700
Message-ID: <1157583671.674789.138670@m79g2000cwm.googlegroups.com> 






DA Morgan wrote:



>

>  From my experience with auditors ... decrypting the audit trail is not

> the issue. The audit trail should be readily available for reading. And

> I use DBMS_DDL.CREATE_WRAPPED to build both encrypt and decrypt day one.

> The issue is can anyone alter the audit trail without detection. That is

> much more difficult.

>

> Keep in mind the issue is a good faith effort to comply with the law.

> Not can I defeat the world's number one Oracle security expert.

>




Well once an exploit becomes known, does it take a Pete Finnigan to
exploit it?  Of course not.  It just becomes something a lamer would be
able to use just by simply downloading a root kit off the net. Could
that then even  be considered a good faith effort to comply with  laws
like Sarb OX?



This means that for all intents and purposes, without a solution to the
offsite log shipping problem, Oracle ends up just being equal to
storing your data on (very expensive) 3x5 cards.
Received on Wed Sep 06 2006 - 18:01:11 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US