
Re: OK to revoke privileges from SYS or DBA?

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Wed, 08 Dec 2004 15:32:45 +1100
Message-ID: <41b683ec$0$12876$afc38c87@news.optusnet.com.au>


Denis Do wrote:
> On 2004-12-08, Anurag Varma <avdbi_at_hotmail.com> wrote:
>
>>I won't be surprised that his paranoia eventually leads him to start naming tables using unprintable characters.
>
> Good idea, BTW! :-)
> To be serious, I truly believe that if you are dealing with DB where,
> let's say, 1mil of CC numbers are stored - there is no such thing as
> paranoia. I prefer paranoidal DBA, who tends to over-complicate things,
> to someone who will blindly follow setup guide and will bring company to
> prosecution.
>
> Is it good point or not? :-)

Well, it's missing the point. Daniel (merely as an example) is not actually dropping the CONNECT or RESOURCE roles. Oh, he may be dropping them under those names, but he is then creating identically-powerful (or nearly so) roles with different names.

It's the existence of those powerful roles that's the issue, however, for real security, not what they're called. And, especially, once you concede (as Daniel has, thankfully) that the DBA role stays put, under that name, then piddling around with lesser roles is a complete waste of time.

In a nutshell, the removal of these inbuilt roles, and their replacement by renamed equivalents, is simply security through obscurity - which is no security at all.

Regarding your specific suggestions, there is nothing wrong with paranoia. But when your paranoia renders my database unsupportable or unusable, I have a major problem with it! The 1 million credit card numbers are presumably in your database because you intend to query them and work with them. Dropping half the data dictionary, renaming Lord knows what else, and doing everything else you describe would seriously compromise that essential reason for having a database in the first place.

Given the Advanced Security features of Oracle; given dbms_obfuscation_toolkit; given utlpwdmg; given everything else that is available to a DBA to administer an Oracle database, there is precisely zero need to wreck a database to make it "secure".

And whilst there may be incredibly rare exceptions to that rule, they will not be ones that get talked about on a newsgroup; they won't be running on Windows; and they don't justify going public with seriously damaging advice for day-to-day use by general DBAs.

Regards
HJR

Received on Tue Dec 07 2004 - 22:32:45 CST