Re: DBAs, roles and privs
>I was thinking in terms of
>dropping privileges that, after investigation, seemed dangerous and
>irrelevant to the application. So, for example, I'd feel reasonably
>comfortable dropping ADMINISTER SECURITY or DROP TABLESPACE.
>
>I did not mean to imply that I'd blindly go around dropping privs
>until I finally got to CREATE SESSION.
>
Hi Daniel,
I understand what you mean; it would probably be reasonable to revoke some privileges, but I think the key point is that the vendor should do it, not the original poster. He needs to push his management and the vendor to realise that granting everything is not just bad security but bad development practice.
Kind regards
Pete
--
Pete Finnigan
email: pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book: Oracle security step-by-step Guide - see http://store.sans.org for details.

Received on Tue May 18 2004 - 07:10:51 CDT