Re: Verifying passwords have been changed in oracle

Ed Stevens <spamdump_at_nospam.noway.nohow> wrote:
> How often do you have to audit to insure the sys and system passwords have been
> changed from the default? I would think this is something you'd have to check
> exactly once. And even if there were some fear that it might get set back to

Well, this is merely one test in a suite of tests. I'm building a compliance checker to ensure a build matches the security base line, and one of the baseline tests is that the password is not a default one. Other things will include ensuring SCOTT account doesn't exist, for example. Another would be permissions on the datafiles. And so on.

Initially the program will be executed on new builds to ensure they have been properly setup before going into production, but later there will be automated daily checks to verify nothing has broken.

-- 
                                 Stephen Harris
                              sweh_at_spuddy.mew.co.uk
      The truth is the truth, and opinion just opinion.  But what is what?
       My employer pays to ignore my opinions; you get to do it for free.