Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle

Re: Verifying passwords have been changed in oracle

From: Stephen Harris <sweh_at_spuddy.mew.co.uk>
Date: Mon, 11 Nov 2002 16:02:56 -0500
Message-ID: <0u5pqa.7pe.ln@spuddy.org> 





Daniel Morgan <dmorgan_at_exesolutions.com> wrote:


> Stephen Harris wrote:



>> This is auditing; ie confirmation that stuff has been done properly.  I'm not
>> enforcing or changing things.



> The only way to audit security is to try to break in.




Well, hardly.  We want to verify that the default is for user passwords
to expire in 'n' days... we can check dba_profiles to see if this is set.
We want to verify certain accounts have been disabled... we can check the
dba_users table to see if the account_status is locked.



We are not verifying the correct functioning of the oracle software, we
are attempting to verify configuration of the system.


-- 
                                 Stephen Harris
                              sweh_at_spuddy.mew.co.uk
      The truth is the truth, and opinion just opinion.  But what is what?
       My employer pays to ignore my opinions; you get to do it for free.


Received on Mon Nov 11 2002 - 15:02:56 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US