| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: OS Authentication with winXP client Linux Server
On Jul 31, 8:10 am, DA Morgan <damor..._at_psoug.org> wrote:
> fitzjarr..._at_cox.net wrote:
> > On Jul 30, 4:14 pm, hjr.pyth..._at_gmail.com wrote:
> >> On Jul 31, 6:19 am, DA Morgan <damor..._at_psoug.org> wrote:
>
> >>> fitzjarr..._at_cox.net wrote:
> >>>> On Jul 30, 11:49 am, DA Morgan <damor..._at_psoug.org> wrote:
> >>>>> fitzjarr..._at_cox.net wrote:
> >>>>>> I'll be more than happy to forward this on to whomever configured the
> >>>>>> server I inherited. Such wasn't MY choice for authentication methods,
> >>>>>> however it's the method I have been given and I have no authority to
> >>>>>> change it.
> >>>>>> Sometimes we must play the hand we're dealt.
> >>>>>> David Fitzjarrell
> >>>>> Forwarding it on to the person who didn't know enough to do it correctly
> >>>>> the first time is essentially guaranteed to change nothing.
> >>>>> Forward it to your management with a note indicating that it is a severe
> >>>>> hazard to the health and safety of the organization's data and provide
> >>>>> the documentation to prove it.
> >>>>> --
> >>>>> Daniel A. Morgan
> >>>>> University of Washington
> >>>>> damor..._at_x.washington.edu (replace x with u to respond)
> >>>>> Puget Sound Oracle Users Groupwww.psoug.org
> >>>> Management made the decision for this authentication scheme.
> >>>> David Fitzjarrell
> >>> Based on what input?
> >>> --
> >>> Daniel A. Morgan
> >>> University of Washington
> >>> damor..._at_x.washington.edu (replace x with u to respond)
> >>> Puget Sound Oracle Users Groupwww.psoug.org
> >> I agree with what Dan's question is getting at: Management usually
> >> only do something because they've been told it's good for them. Were
> >> this management to be properly informed that their databases are not
> >> secure and the data they contain are therefore subject to non-
> >> auditable change or destruction by anyone anytime, for which the
> >> current DBA cannot take responsibility or be held accountable, I
> >> seriously doubt they would continue to insist on having the parameter
> >> set. I'd say it's one of the primary DBA responsibilities: to properly
> >> appraise management of risk. And this is risky stuff!
>
> >> We all get saddled with systems that have some howler or another,
> >> inherited from some less-capable DBA than our good selves... but if we
> >> just accept it, I'd suggest we're ducking a key responsibility. In
> >> this case, I had exactly the same problem about December of last year
> >> (see:http://www.dizwell.com/prod/node/455) and I was fortunately in a
> >> position to change the parameter after a modest bit of explanation and
> >> demonstration. If they hadn't agreed to the change, I would either (a)
> >> have resigned or (b) carried on working there having sent an email to
> >> senior management pointing out that as their DBA I took zero
> >> responsibility for the future integrity of their databases and the
> >> data they contained. It is always management's prerogative to ignore
> >> the advice they are given, but that they should be given it is, I
> >> would suggest, what DBAs are there to do.- Hide quoted text -
>
> >> - Show quoted text -
>
> > You act as though I've said nothing to management; nothing could be
> > further from the truth. I was told, by several in the management
> > chain, that the Network Security group was charged with securing the
> > intranet from intruders, and as such my concerns were unfounded.
> > Explain as I could nothing would budge anyone from laying
> > responsibliity elsewhere, most notably to a group not represented in
> > the exchange.
>
> > David Fitzjarrell
>
> I think you are misunderstanding. We have no idea what you have or
> have not done. Only that you made the statement you were going to take
> the issue to the same person that already made a bad decision.
>
> What we are suggesting is that management made a bad decision because
> they did not have the facts in front of them when the decision was
> made.
> --
> Daniel A. Morgan
> University of Washington
> damor..._at_x.washington.edu (replace x with u to respond)
> Puget Sound Oracle Users Groupwww.psoug.org- Hide quoted text -
>
> - Show quoted text -
Not having the facts and dismissing said facts are two different things; you assume the first when the second is the actual situation.
David Fitzjarrell Received on Tue Jul 31 2007 - 08:55:31 CDT
 |
 |