Re: Verifying passwords have been changed in oracle

Stephen Harris wrote:

> Daniel Morgan <dmorgan_at_exesolutions.com> wrote:
> > Security is best instituted before you start using a database, not after the fact.
> > But you can still accomplish the goal by expiring all passwords and forcing them
> > to be reset.
>
> Yes, we _should_ be doing this security stuff when the database is built.
> Our procedures require it. I need to verify that it has been done; that
> the production DBAs didn't make a mistake or accidentally miss a step.
>
> This is auditing; ie confirmation that stuff has been done properly. I'm not
> enforcing or changing things.
>
> --
> Stephen Harris
> sweh_at_spuddy.mew.co.uk
> The truth is the truth, and opinion just opinion. But what is what?
> My employer pays to ignore my opinions; you get to do it for free.

The only way to audit security is to try to break in.

Daniel Morgan Received on Mon Nov 11 2002 - 14:55:41 CST