Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security issue with Oracle 8i

Re: Security issue with Oracle 8i

From: Daniel Morgan <dmorgan_at_exesolutions.com>
Date: Sat, 27 Apr 2002 04:52:57 GMT
Message-ID: <3CCA2EA9.9902C913@exesolutions.com>


Sean M wrote:

> Pablo Gomez wrote:
> >
> > Sybrand:
> >
> > Thanks for your response to my inquiry. I know that the root user can
> > do everything, like deleting all data files, but one thing is making
> > this attack to the database and another is accesing confidential
> > information. I mean that the CEO of the enterprise trust in his
> > unix/oracle administrator, but I don't think that he is happy of
> > knowing that you can see all the information.
>
> So encrypt the data if it's that sensitive. Otherwise, you're outta
> luck. If an admin has root on your box, she can do as she pleases.
> Unless the data is encrypted (whether it's sitting in an Oracle
> database, a flat file, Sybase, whatever), she can get to it, and there's
> nothing you can do about it (save maybe running on a trusted OS/database
> combo, if they even still exist?). It all comes down to trust. If you
> don't trust the person w/root, encrypt the data. 'course then you have
> to deal with key management, etc.
>
> Regards,
> Sean

Is there no way in Oracle to force a password entry for SYS if you su to oracle?

Daniel Morgan Received on Fri Apr 26 2002 - 23:52:57 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US