Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: PL/SQL Package Execution Privileges

Re: PL/SQL Package Execution Privileges

From: Jeremy Ovenden <newspostings_at_hazelweb.co.uk>
Date: Thu, 6 Feb 2003 18:55:24 -0000
Message-ID: <MPG.18acbff2c3d02f6f9896b7@news.cis.dfn.de> 





In article <v45aj0fguiu613_at_corp.supernews.com>, 
postbus_at_sybrandb.demon.nl says...



> 

> While Norman's approach would work, provided the database doesn't crash

> during the alter user command, but I still don't want to do it. The owner of

> Norman's procedure would need to have alter user privilege. The password of

> the account would need to be a *real* password, and it would have to be

> frequently changed itself, because once the password IS compromised, and the

> compromising user has access to the database by using sql*plus, he/she can

> do everything. Dangers come from the outside *AND* the inside!!! You would

> need to disallow sql*plus access to the account, and in the end you are

> asking yourself: why don't we change the dratted passwords ourselves anyway?

> What's the difference?

> 

> Regards

> 



Thanks for your thoughts... I think we'll propose to leave it as it is 
now...



cheers!


-- 

jeremy


Received on Thu Feb 06 2003 - 12:55:24 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US