Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: OS Authentication with winXP client Linux Server

Re: OS Authentication with winXP client Linux Server

From: <hjr.pythian_at_gmail.com>
Date: Mon, 30 Jul 2007 14:14:38 -0700
Message-ID: <1185830078.730322.53000@j4g2000prf.googlegroups.com>


On Jul 31, 6:19 am, DA Morgan <damor..._at_psoug.org> wrote:
> fitzjarr..._at_cox.net wrote:
> > On Jul 30, 11:49 am, DA Morgan <damor..._at_psoug.org> wrote:
> >> fitzjarr..._at_cox.net wrote:
> >>> I'll be more than happy to forward this on to whomever configured the
> >>> server I inherited. Such wasn't MY choice for authentication methods,
> >>> however it's the method I have been given and I have no authority to
> >>> change it.
> >>> Sometimes we must play the hand we're dealt.
> >>> David Fitzjarrell
> >> Forwarding it on to the person who didn't know enough to do it correctly
> >> the first time is essentially guaranteed to change nothing.
>
> >> Forward it to your management with a note indicating that it is a severe
> >> hazard to the health and safety of the organization's data and provide
> >> the documentation to prove it.
> >> --
> >> Daniel A. Morgan
> >> University of Washington
> >> damor..._at_x.washington.edu (replace x with u to respond)
> >> Puget Sound Oracle Users Groupwww.psoug.org
>
> > Management made the decision for this authentication scheme.
>
> > David Fitzjarrell
>
> Based on what input?
> --
> Daniel A. Morgan
> University of Washington
> damor..._at_x.washington.edu (replace x with u to respond)
> Puget Sound Oracle Users Groupwww.psoug.org

I agree with what Dan's question is getting at: Management usually only do something because they've been told it's good for them. Were this management to be properly informed that their databases are not secure and the data they contain are therefore subject to nonauditable  change or destruction by anyone anytime, for which the current DBA cannot take responsibility or be held accountable, I seriously doubt they would continue to insist on having the parameter set. I'd say it's one of the primary DBA responsibilities: to properly appraise management of risk. And this is risky stuff!

We all get saddled with systems that have some howler or another, inherited from some less-capable DBA than our good selves... but if we just accept it, I'd suggest we're ducking a key responsibility. In this case, I had exactly the same problem about December of last year (see: http://www.dizwell.com/prod/node/455) and I was fortunately in a position to change the parameter after a modest bit of explanation and demonstration. If they hadn't agreed to the change, I would either (a) have resigned or (b) carried on working there having sent an email to senior management pointing out that as their DBA I took zero responsibility for the future integrity of their databases and the data they contained. It is always management's prerogative to ignore the advice they are given, but that they should be given it is, I would suggest, what DBAs are there to do. Received on Mon Jul 30 2007 - 16:14:38 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US