Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Prevent Root access from database

Re: Prevent Root access from database

From: Billy <vslabs_at_onwe.co.za>
Date: 25 Jul 2005 04:16:46 -0700
Message-ID: <1122290206.087996.41650@g49g2000cwa.googlegroups.com>


PhilB wrote:
> Weve got a new security drive underway in our organisation, one of the
> concerns that was raised was that access to the database on our unix
> server should be prevented from the root user. I'm preparing to put
> the argument that the root user is the system admin and as a result can
> do anything, e.g "su" to oracle user account and gain access via a
> "connect / as sysdba" (even if we remove sysdba, surely root can put it
> back !) Is this correct , anyone got any experience of preventing root
> users getting into the database to see the data ?.

Yep. You write a daemon process that creates unique and very complex random passwords and change the root password every 60 seconds.

That will prevent anyone from using root and getting into Oracle as sysdba. Of course, having this security hole now closed is critical, and the fact that you are totally fricken screwed wrt Unix sysadmin totally irrelevant.

Alternatively, tell management to p*ss off and mind their own business.. which is the business side of things and leave their dirty and grubby paws of technical issues that they know jack sh*t about.

--
Billy
Received on Mon Jul 25 2005 - 06:16:46 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US