Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Alert log
"Christian Antognini" <christian.antognini_at_trivadis.com> wrote in message news:<41000af3_at_post.usenet.com>...
> **** Post for FREE via your newsreader at post.usenet.com ****
>
> Hi Mark
>
> > Chris, trace files can and often do contain sensitive data (when bind
> > variable traces are in effect). Allowing wide open access to the
> > trace directories is a security hole and an audit hit if your firm has
> > competent auditors.
>
> Of course these directories can contain sensitive data, i.e. wide open
> access is not a good solution!
> But when a developer has access to the database, she/he has access to some
> sensitive data as well.... therefore I don't understand why such a developer
> should not be able to access the tracefiles!
>
> Chris
>
I would think there might be a difference between dev and production boxes. Giving developers (even good ones) access to a production instance is not generally a good thing. If you have sensitive data, you might not want it to be on a dev box. And if you have a box with development and production instances, you might have some other problems which throws everything in managements lap anyways. And if everyone has root passwords...
jg
-- @home.com is bogus. Cow tipping. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9218957.htmReceived on Thu Jul 22 2004 - 18:59:06 CDT