
Re: Userid's/Passwords and Application Development

From: Daniel Morgan <damorgan_at_exxesolutions.com>
Date: Sat, 12 Jul 2003 09:45:26 -0700
Message-ID: <3F103B26.E50D4F14@exxesolutions.com>


Van Messner wrote:

> Spoken like a true academic who knows absolutely nothing about our
> databases, how they are used, and what they are used for. And in what part
> of my posting did you see that we allow end-users to connect as a schema
> owner????
>
> "Daniel Morgan" <damorgan_at_exxesolutions.com> wrote in message
> news:3F0F4F66.D40121C7_at_exxesolutions.com...
> > Van Messner wrote:
> >
> > > It partly depends on how your databases are organized. In our case single
> > > databases support multiple projects although some parts of some projects may
> > > interlink with one another.
> >
> > > <snipped>
> >
> > I disagree. You don't base your standards on how things are organized ... you
> > organize based upon having logical standards.
> >
> > There is no excuse for end-users ever connecting as the schema owner.
> > --
> > Daniel Morgan
> > http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
> > damorgan_at_x.washington.edu
> > (replace 'x' with a 'u' to reply)
> >
> >

A true academic that has been a part-time academic for four years and has been banging code likely from before you were born ... 1969 in Fortran IV on a 370-145 with punch cards.

That said ... to me hard coding user id and password into something that connects is connecting as the schema owner, perhaps I over-stretched my assumption but it is inexcusable nonetheless.

I really don't give a hoot how you use your databases. There are lots of people that do lots of 'interesting' things with databases, spreadsheets, and gerbils. The point is that you should not be doing what you are doing. And you don't change the way you do business to match bad design ... you change the design.

Feel free to ignore my opinion ... just know that someone with my skills will have no problem cracking your database and either trashing it or stealing vital information should they gain either physical or network access.

--
Daniel Morgan
http://www.outreach.washington.edu/extinfo/certprog/oad/oad_crs.asp
damorgan_at_x.washington.edu
(replace 'x' with a 'u' to reply)
Received on Sat Jul 12 2003 - 11:45:26 CDT
