| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: security question
Richard Piasecki <ogo_at_mailcity.com> wrote in
news:s912stccue9c0433akf3rnab9p9tg2piu6_at_4ax.com:
> Greetings.
>
> I'm currently working for a company that has recently become concerned
> about protecting its intellectual property from its customers. The
> software product the company produces uses an Oracle database, and the
> company now wishes to hide the database schema from customers that
> buy the product.
>
> I've informed my company that I think this request is impossible to
> implement. Since the "system" user can view all the objects in the
> database, preventing access to the account that owns the schema is
> not enough. Access to the "system" user must also be prevented. That
> would mean that my company would need to provide full database
> administration services to the customer and prevent the customer
> from accessing the database (or the computer system on which the
> database runs) in any way.
>
> Before I stick to my guns on this subject, I want to go to all the
> Oracle experts out there and find out if my assertions are correct.
> So, is there any way to prevent the "system" user from viewing the
> schema of another user?
>
> I have no experience with Trusted Oracle, but I do have a background
> in computer security. If Trusted Oracle is certifiable at the B2
> level, then it can probably do this. Does anyone know that this is
> true?
>
>
> --- Rich
>
>
>
I'm willing to bet you, that ANYTHING you configure on MY system, where I have root/administrator privs, I can compromise.
Want to bet? I'll even give you odds if you are willing to bet enough to make it worth my while. Received on Mon Oct 08 2001 - 18:51:20 CDT
 |
 |