Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Prevent Root access from database
Billy wrote:
> DA Morgan wrote:
>
>
>>I understand your sentiment but it is no longer reasonable in the US and >>some other countries to take that approach. >> >>If root can access the database, without auditing, then you have a clear >>cut violation of United States Federal law.
A problem you may have but I am aware of at least one auditing firm in this country that will refuse to sign off on a compliance audit if UNIX system administrators can gain access to the database.
And some of what is done to prevent it is contorted ... but effective.
> The issue is putting the horses in front of the cart. Business not only
> stating the problem (root can access Oracle as sysdba), but also the
> solution (hack the o/s to prevent this). Not too mention that the
> problem is too vague to determine the solution. What needs to be
> protected on the database side?
The solution is not to hack the O/S: That's just plain ridiculous as well as dangerous. There are very simple solutions to the problem that don't require writing a single line of code.
> --
> Billy
-- Daniel A. Morgan http://www.psoug.org damorgan_at_x.washington.edu (replace x with u to respond)Received on Fri Jul 29 2005 - 10:44:56 CDT