Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: OK to revoke privileges from SYS or DBA?

Re: OK to revoke privileges from SYS or DBA?

From: DA Morgan <damorgan_at_x.washington.edu>
Date: Tue, 07 Dec 2004 22:17:12 -0800
Message-ID: <1102486526.559982@yasure> 





Denis Do wrote:



> On 2004-12-08, Anurag Varma <avdbi_at_hotmail.com> wrote:

> 


>>I won't be surprised that his paranoia eventually leads him to start naming tables using unprintable characters.
>>




> 

> Good idea, BTW! :-)

> To be serious, I truly believe that if you are dealing with DB where,

> lets say, 1mil of CC numbers are stored - there is no such thing as

> paranoia. I prefer paranoidal DBA, who tends to over-complicate things,

> to someone who will blindly follow setup guide and will bring company to 

> prosecution.

> 

> Is it good point or not? :-)




Credit card numbers is a good example.


So are design specifications for weapons systems.
So are medical records.


So are payroll and disciplinary records for employees.
So are records in a law enforcement agency on ongoing investigations.
So are records of pending and ongoing litigation at law firms.



And some companies that deal with defense issues are required by law
to not only secure specific defense related data but also data on
secondary uses. So, for example, since Air Force 1 is a Boeing 747 ...
by definition much of the information about 747's is classified.



Being security conscious is not being paranoid. There is a word for
people that don't understand the importance of security ... the word is
unemployable: At least where I consult.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu
(replace 'x' with 'u' to respond)


Received on Wed Dec 08 2004 - 00:17:12 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US