Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: PL/SQL Package Execution Privileges
In article <v45aj0fguiu613_at_corp.supernews.com>,
postbus_at_sybrandb.demon.nl says...
>
> While Norman's approach would work, provided the database doesn't crash
> during the alter user command, but I still don't want to do it. The owner of
> Norman's procedure would need to have alter user privilege. The password of
> the account would need to be a *real* password, and it would have to be
> frequently changed itself, because once the password IS compromised, and the
> compromising user has access to the database by using sql*plus, he/she can
> do everything. Dangers come from the outside *AND* the inside!!! You would
> need to disallow sql*plus access to the account, and in the end you are
> asking yourself: why don't we change the dratted passwords ourselves anyway?
> What's the difference?
>
> Regards
>
Thanks for your thoughts... I think we'll propose to leave it as it is
now...
cheers!
-- jeremyReceived on Thu Feb 06 2003 - 12:55:24 CST