Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: how bad are these vulnerabilities?

Re: how bad are these vulnerabilities?

From: Niall Litchfield <niall.litchfield_at_dial.pipex.com>
Date: Mon, 18 Dec 2006 23:12:21 +0000
Message-ID: <Uc2dndQvp-y9ghrYRVnyrAA@pipex.net>


DA Morgan wrote:
> Niall Litchfield wrote:

>> DA Morgan wrote:
>>> Well while they are doing that ... perhaps they can explain to your
>>> legal department how they plan to handle SQL Server's inability to meet
>>> SarbOx requirements?
>>
>> Only do that if you want to look rather silly. Legislation does not
>> prohibit particular platforms, just mandates approaches and controls.
>> You can do this with all the leading databases on the market today.

>
> It mandates that you be able to audit the activities of the system
> adminitrators and DBAs. If you can do that on (pre-Vista) Windows I'd
> like to see how.

I'm assuming you mean pre-sql2005 sqlserver rather than pre-vista windows (this being a database forum and you referring to a database product and all) try
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_2ard.asp for size.

You can audit sysadmin and dba activity on windows, and you can fail to do it on *nix environments. To suggest otherwise is rather foolish don't you think.

<thought process>
In an open source world the auditing process and hashing algorithms are open source. Wonder what happens then
</thought process>

-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info/services
Received on Mon Dec 18 2006 - 17:12:21 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US