
Re: SYS/SYSTEM account security - newbie Q

From: Ed Bruce <Ed.Bruce_at_ha.hac.com>
Date: Mon, 11 Jan 1999 15:35:01 -0600
Message-ID: <369A6E85.C9383B3A@ha.hac.com>


cbeyer_at_my-dejanews.com wrote:
>
> I am an auditor -- not a techie. Based upon my research I recommended to
> better secure the SYS/SYSTEM accounts (e.g. turn over password to IPO and
> activate only when needed.) in order to prevent intentional or UNintentional
> changes to the database. Auditee responded that:

My answer to this question is you have to trust somebody. In a Unix-based system you need a sysadmin with root privileges. This person can do anything they want. So we hire and train someone we trust to have these privileges.

The same thing with the DBA. You have to hire someone you trust with this level of responsibility. When there is a problem the DBA needs to fix the problem now, not later, not at some point when somebody is going to release a password.

I do agree that the DBA password should be restricted to a few highly paid, trusted individuals. But if you put a stumbling block in their path and make them justify every time they need the password, and if one time they ask for the password and get it, then fail at some audit to justify their need and they get in trouble, what have we taught our DBA? Let the problem simmer until it's real bad; don't take chances.

later,
Ed Bruce

Received on Mon Jan 11 1999 - 15:35:01 CST
