| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: V$ tables
"Pete Finnigan" <pete_at_peterfinnigan.demon.co.uk> wrote in message
news:ztfpDfAa1CM9EwoW_at_peterfinnigan.demon.co.uk...
> HI Daniel
>
> In article <3D2EF3A5.92C44F38_at_exesolutions.com>, Daniel Morgan
> <dmorgan_at_exesolutions.com> writes
> >>
> >> Good point about kill -9 and orakill, i will include those as the
viable
> >> option to alter system kill. I mentioned the risk of alter system in
the
> >> sans guide but didn't suggest an alternative, i will though.
> >
> >Don't forget the simple matter of just writing a wrapper around ALTER
SYSTEM to
> >expose only a single functionality.
> >
> I will add this as well.
>
>
> cheers
>
> Pete
>
> >
> >Daniel Morgan
> >
>
> --
> pete_at_peterfinnigan.demon.co.uk
> pete_at_petefinnigan.com
>
> http://www.pentest-limited.com/oracle-security.htm - "Exploiting and
> protecting Oracle"
>
> http://online.securityfocus.com/infocus/1522 - "A simple Oracle Security
> Scanner"
>
> http://www.pentest-limited.com/default-user.htm - "Oracle Default User
> and Password List"
>
> http://www.pentest-limited.com/utl_file.htm - "Extracting Clear Text
> Passwords from the SGA"
Hi Pete, all,
Sorry about (probably) posting this in the wrong part of this thread, and again sorry if I'm missing something in the discussion, but I don't understand the relevance of kill -9 and orakill in this context. We are talking about database privileges for developers, aren't we? Other than in a training/education environment, who allows developers to log on at OS level to the database server?
Regards,
Paul
btw, my 2c: I don't have a problem with developers having select on almost all of the v$* and dba_* views, provided of course the dba has done his job and secured the database properly. Received on Sat Jul 13 2002 - 13:16:04 CDT
 |
 |