Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: OK to revoke privileges from SYS or DBA?

Re: OK to revoke privileges from SYS or DBA?

From: Niall Litchfield <niall.litchfield_at_dial.pipex.com>
Date: Wed, 8 Dec 2004 10:48:30 -0000
Message-ID: <41b6dbf5$0$16582$cc9e4d1f@news-text.dial.pipex.com> 





"Denis Do" <nospam.denisdo_at_yahoo.com> wrote in message 
news:slrncrd15j.j0.nospam.denisdo_at_denisdo.news.google.com...


> BTW, since we already started this topic - what would you, Anurag,

> recommend to do for getting "out of the box installation"

> reasonably secure? I really would like to know, please answer.

> Also it will be good for others, and that can be kind of "What is

> right thing to do" advice.




http://www.petefinnigan.com/orasec.htm would be an excellent place to start.




> From my side, I would recommend (as DM did) do not use well -known roles

> and accounts, create in your DB only those components, you really need and

> never use DBCA.




Why would you never use DBCA? At least to generate the initial scripts.



I'm also intrigued by your suggestion that once the database goes live you 
should never touch anything again. Oracle patches exist for a reason - 
security is one of them. If you *really* have dumped half the data 
dictionary then almost certainly your db cannot be patched and is likely 
less secure than if you'd followed sensible industry standard practices.



-- 
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com 


Received on Wed Dec 08 2004 - 04:48:30 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US