Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: OK to revoke privileges from SYS or DBA?

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Thu, 09 Dec 2004 07:01:25 +1100
Message-ID: <41b75d93$0$17055$afc38c87@news.optusnet.com.au>


Frank van Bortel wrote:

> Howard J. Rogers wrote:
> 

>> Anurag Varma wrote:
>>
>>> So you say that you never really drop the DBA role and that it was
>>> sloppy writing?
>>>
>>> How about the create database example in your site where you
>>> specifically advise dropping the DBA role?
>>>
>>> Look at the last section in this page:
>>> http://www.psoug.org/reference/createdb.html
>>>
>>> How about this?:
>>> http://tinyurl.com/4kjle
>>>
>>> where again you recommend dropping dba, connect and resource role ..
>>> and then claim that this is what oracle recommends!
>>>
>>>
>>> Anurag
>>
>>
>>
>> I think you are being a bit harsh, Anurag. You appear to be expecting
>> a level of consistency, competence, accuracy and precision from Daniel
>> that is entirely justifiable, but rather ambitious in his particular
>> case.
>>
> As if this isn't written with a grim smile...
> 

>> As he writes elsewhere, he drops these roles and re-creates others
>> which contain the same privileges because he doesn't want to run his
>> database "with the default role names that the entire world knows."
>> Perfectly legitimate, of course... and no doubt, to be consistent, he
>> drops SYS and SYSTEM as users, too, since the entire world certainly
>> knows about them.
>>

> He never said that!

I didn't say he did, Frank. In fact, my point works precisely because he *didn't* say that. I am pointing out that he is on record as saying that he drops CONNECT and RESOURCE because they have well-known names. Well, *to be consistent*, he should then advocate the renaming of SYS and SYSTEM, since they are very well-known names too! But (obviously quite sensibly) he doesn't... which, therefore, rather undermines the argument he uses for 'renaming' CONNECT and RESOURCE and means that his advice on those roles is ipso facto inconsistent.

> And he has also admitted he was wrong about the
> advice to drop the DBA role.

He hasn't, actually. He blamed it on sloppy writing, not on being wrong. But that's a side show. The DBA role is *one* of *three* roles he has advocated dropping. He's backed off on the DBA one, but that leaves two to go. He's still arguing that those should be dropped.

> So, it's only natural you can come up with a link that still has
> this (now admittedly wrong!) advice.

I am not sure what advice or what link you're talking about. But you imply that I am underhandedly linking to out-of-date information in order to do down Daniel. That is not so. Daniel is STILL advocating the dropping of two roles which he shouldn't be. That is very much current information. Dropping those roles and re-creating them, or something very like them, under new names is NOT recommended by Oracle; is NOT actually going to increase security; MAY break your database; MAY compromise your support contract.

> It's like taking a lolly from a baby.

Again, I don't really understand what you mean by that. But if you mean 'this is too easy', I can only reply "if only". Trying to get Daniel to admit that his advice is wrong, flawed, erroneous, dangerous, ill-advised, unsupported and pointless in the first place is a very tall order indeed.

>> It is self-evident that Daniel is somewhat tied up in inconsistent
>> knots on this entire matter. It is a little cruel of you to draw
>> attention to the fact, don't you think?
>>

> 
> So did you - by replying.
> Get off it, children! Playtime is over, no more playing in the sandbox.

Frank, if there's one thing I can't stand, it's people butting into threads and declaring the topic over. It's over for me when I consider the damage and the danger to have passed. It hasn't. Daniel is still pushing ludicrously self-contradictory advice that will do HARM to databases. If you think that's playing, you don't understand.

And if in the process of dealing with his dangerous advice I happen to share a subtle bit of irony with Anurag, that's my affair, not yours. Particularly when the irony seems to have sailed straight over your head.

HJR

Received on Wed Dec 08 2004 - 14:01:25 CST
