Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle Security Issue
miloann2002 wrote:
> I have the following questions in the Oracle 8 and 9 platforms:
>
> 1. Does the roles need to set password? If no password, any negative
> impact?
No. Just don't grant the roles to the wrong users... ;-)
> 2. Can user data / objects be put in the system tablespace?
No, if database administrator is wise enough not to give/leave quotas on SYSTEM. Of course, the database administrator can, but it's not advisable, even SYSTEM's objects should not be put on SYSTEM (TOOLS is set up by standard installation).
> Can this cause denial of services?
Yes, if SYSTEM tablespace fills up it can have weird consequences...
> 3. Is it critical to set password life, password reuse, and other
> password settings? If we have robust operating system and application
> security, do we still need to configure the password settings in Oracle?
In many countries, laws require passwords to be changed periodically, so, depending on environment, it may be required. Moreover, it automatically locks out unneeded/unused accounts.
Remember that overall security is the one of the weakest link, so if SYSTEM's or a critical user's password is weak, someone could log in and sabotage the database without involving OS or application security.
>
> Thanks.
>
>
Umberto Received on Fri Sep 09 2005 - 10:58:43 CDT