Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle
Daniel Morgan <dmorgan_at_exesolutions.com> wrote:
> Stephen Harris wrote:
>> This is auditing; ie confirmation that stuff has been done properly. I'm not
>> enforcing or changing things.
> The only way to audit security is to try to break in.
Well, hardly. We want to verify that the default is for user passwords to expire in 'n' days... we can check dba_profiles to see if this is set. We want to verify certain accounts have been disabled... we can check the dba_users table to see if the account_status is locked.
We are not verifying the correct functioning of the oracle software, we are attempting to verify configuration of the system.
-- Stephen Harris sweh_at_spuddy.mew.co.uk The truth is the truth, and opinion just opinion. But what is what? My employer pays to ignore my opinions; you get to do it for free.Received on Mon Nov 11 2002 - 15:02:56 CST