Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Prevent Root access from database
PhilB wrote:
> Weve got a new security drive underway in our organisation, one of the
> concerns that was raised was that access to the database on our unix
> server should be prevented from the root user. I'm preparing to put
> the argument that the root user is the system admin and as a result can
> do anything, e.g "su" to oracle user account and gain access via a
> "connect / as sysdba" (even if we remove sysdba, surely root can put it
> back !) Is this correct , anyone got any experience of preventing root
> users getting into the database to see the data ?.
Yep. You write a daemon process that creates unique and very complex random passwords and change the root password every 60 seconds.
That will prevent anyone from using root and getting into Oracle as sysdba. Of course, having this security hole now closed is critical, and the fact that you are totally fricken screwed wrt Unix sysadmin totally irrelevant.
Alternatively, tell management to p*ss off and mind their own business.. which is the business side of things and leave their dirty and grubby paws of technical issues that they know jack sh*t about.
-- BillyReceived on Mon Jul 25 2005 - 06:16:46 CDT