| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: How can I secure 'internal' from root?
"Marcin Kasperski" <marckasp_at_friko6.onet.pl> writes:
> >The company I work for is looking for a way to lock the UNIX SA out of the
> >Oracle database. I can't stop them from su'ing to oracle, but can I get
> >svrmgrl to prompt for a password on internal ... like on NT systems? Can I
> >protect a password file from the SA too?
>
>
> Just a short opinion:
> 1) you can not protect any Unix file so that it would be unaccessible by
> root
> 2) even if you make svrmgrl to ask for a password, root can always
> - kill any processes he wants
> - read or delete any files he wants (including the database files)
>
> If you are to protect the database data from root you must encrypt your
> database (i.e. use Trusted Oracle or sth similar). And even then he will be
> able to shutdown or corrupt the instance.
Trusted Oracle does not encrypt the database, so that isn't an option.
--
Rick
Rick Wessman
Security and Directory Technologies
Server Technologies
Oracle Corporation
rwessman_at_us.oracle.com
Received on Thu Oct 01 1998 - 11:34:35 CDT
 |
 |