Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Verifying passwords have been changed in oracle
Stephen Harris wrote:
> Daniel Morgan <dmorgan_at_exesolutions.com> wrote:
> > Stephen Harris wrote:
> >> This is auditing; ie confirmation that stuff has been done properly. I'm not
> >> enforcing or changing things.
>
> > The only way to audit security is to try to break in.
>
> Well, hardly. We want to verify that the default is for user passwords
> to expire in 'n' days... we can check dba_profiles to see if this is set.
> We want to verify certain accounts have been disabled... we can check the
> dba_users table to see if the account_status is locked.
>
> We are not verifying the correct functioning of the oracle software, we
> are attempting to verify configuration of the system.
>
> --
> Stephen Harris
> sweh_at_spuddy.mew.co.uk
> The truth is the truth, and opinion just opinion. But what is what?
> My employer pays to ignore my opinions; you get to do it for free.
The only way to tell whether the password for SYS is change_on_install is to type it in at the SQL> prompt.
Daniel Morgan Received on Mon Nov 11 2002 - 17:53:28 CST