Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Security issue with Oracle 8i
In article <3CCA2EA9.9902C913_at_exesolutions.com>, Daniel says...
>
>Sean M wrote:
>
>> Pablo Gomez wrote:
>> >
>> > Sybrand:
>> >
>> > Thanks for your response to my inquiry. I know that the root user can
>> > do everything, like deleting all data files, but one thing is making
>> > this attack to the database and another is accesing confidential
>> > information. I mean that the CEO of the enterprise trust in his
>> > unix/oracle administrator, but I don't think that he is happy of
>> > knowing that you can see all the information.
>>
>> So encrypt the data if it's that sensitive. Otherwise, you're outta
>> luck. If an admin has root on your box, she can do as she pleases.
>> Unless the data is encrypted (whether it's sitting in an Oracle
>> database, a flat file, Sybase, whatever), she can get to it, and there's
>> nothing you can do about it (save maybe running on a trusted OS/database
>> combo, if they even still exist?). It all comes down to trust. If you
>> don't trust the person w/root, encrypt the data. 'course then you have
>> to deal with key management, etc.
>>
>> Regards,
>> Sean
>
>Is there no way in Oracle to force a password entry for SYS if you su to
>oracle?
>
>Daniel Morgan
Here's a way that worked in 8i on Unix. I haven't tried it in 9i.
Rick
Rick Wessman Oracle Corporation The opinions expressed above are mine and do not necessarily reflect those of Oracle Corporation.Received on Sat Apr 27 2002 - 10:19:06 CDT