Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: DBAs, roles and privs

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Tue, 18 May 2004 13:10:51 +0100
Message-ID: <p4tmk3AL1fqARxUv@peterfinnigan.demon.co.uk>


>I was thinking in terms of
>dropping privileges that, after investigation, seemed dangerous and
>irrelevant to the application. So, for example, I'd feel reasonably
>comfortable dropping ADMINISTER SECURITY or DROP TABLESPACE.
>
>I did not mean to imply that I'd blindly go around dropping privs
>until I finally got to CREATE SESSION.
>

Hi Daniel,

I understand what you mean; it would probably be reasonable to revoke some privileges, but I think the key point is that the vendor should do it, not the original poster. He needs to push his management and the vendor to realise that granting everything is not just bad security but bad development practice.

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Tue May 18 2004 - 07:10:51 CDT
