fitzjarrell_at_cox.net wrote:
> On Jul 31, 8:10 am, DA Morgan <damor..._at_psoug.org> wrote:
>> fitzjarr..._at_cox.net wrote:
>>> On Jul 30, 4:14 pm, hjr.pyth..._at_gmail.com wrote:
>>>> On Jul 31, 6:19 am, DA Morgan <damor..._at_psoug.org> wrote:
>>>>> fitzjarr..._at_cox.net wrote:
>>>>>> On Jul 30, 11:49 am, DA Morgan <damor..._at_psoug.org> wrote:
>>>>>>> fitzjarr..._at_cox.net wrote:
>>>>>>>> I'll be more than happy to forward this on to whomever configured the
>>>>>>>> server I inherited. Such wasn't MY choice for authentication methods,
>>>>>>>> however it's the method I have been given and I have no authority to
>>>>>>>> change it.
>>>>>>>> Sometimes we must play the hand we're dealt.
>>>>>>>> David Fitzjarrell
>>>>>>> Forwarding it on to the person who didn't know enough to do it correctly
>>>>>>> the first time is essentially guaranteed to change nothing.
>>>>>>> Forward it to your management with a note indicating that it is a severe
>>>>>>> hazard to the health and safety of the organization's data and provide
>>>>>>> the documentation to prove it.
>>>>>>> --
>>>>>>> Daniel A. Morgan
>>>>>>> University of Washington
>>>>>>> damor..._at_x.washington.edu (replace x with u to respond)
>>>>>>> Puget Sound Oracle Users Groupwww.psoug.org
>>>>>> Management made the decision for this authentication scheme.
>>>>>> David Fitzjarrell
>>>>> Based on what input?
>>>>> --
>>>>> Daniel A. Morgan
>>>>> University of Washington
>>>>> damor..._at_x.washington.edu (replace x with u to respond)
>>>>> Puget Sound Oracle Users Groupwww.psoug.org
>>>> I agree with what Dan's question is getting at: Management usually
>>>> only do something because they've been told it's good for them. Were
>>>> this management to be properly informed that their databases are not
>>>> secure and the data they contain are therefore subject to non-
>>>> auditable change or destruction by anyone anytime, for which the
>>>> current DBA cannot take responsibility or be held accountable, I
>>>> seriously doubt they would continue to insist on having the parameter
>>>> set. I'd say it's one of the primary DBA responsibilities: to properly
>>>> appraise management of risk. And this is risky stuff!
>>>> We all get saddled with systems that have some howler or another,
>>>> inherited from some less-capable DBA than our good selves... but if we
>>>> just accept it, I'd suggest we're ducking a key responsibility. In
>>>> this case, I had exactly the same problem about December of last year
>>>> (see:http://www.dizwell.com/prod/node/455) and I was fortunately in a
>>>> position to change the parameter after a modest bit of explanation and
>>>> demonstration. If they hadn't agreed to the change, I would either (a)
>>>> have resigned or (b) carried on working there having sent an email to
>>>> senior management pointing out that as their DBA I took zero
>>>> responsibility for the future integrity of their databases and the
>>>> data they contained. It is always management's prerogative to ignore
>>>> the advice they are given, but that they should be given it is, I
>>>> would suggest, what DBAs are there to do.- Hide quoted text -
>>>> - Show quoted text -
>>> You act as though I've said nothing to management; nothing could be
>>> further from the truth. I was told, by several in the management
>>> chain, that the Network Security group was charged with securing the
>>> intranet from intruders, and as such my concerns were unfounded.
>>> Explain as I could nothing would budge anyone from laying
>>> responsibliity elsewhere, most notably to a group not represented in
>>> the exchange.
>>> David Fitzjarrell
>> I think you are misunderstanding. We have no idea what you have or
>> have not done. Only that you made the statement you were going to take
>> the issue to the same person that already made a bad decision.
>>
>> What we are suggesting is that management made a bad decision because
>> they did not have the facts in front of them when the decision was
>> made.
>> --
>> Daniel A. Morgan
>> University of Washington
>> damor..._at_x.washington.edu (replace x with u to respond)
>> Puget Sound Oracle Users Groupwww.psoug.org- Hide quoted text -
>>
>> - Show quoted text -
>
> Not having the facts and dismissing said facts are two different
> things; you assume the first when the second is the actual situation.
>
>
> David Fitzjarrell
Then I'd recommend updating your resume and finding an opportunity
where the management has a different attitude.
--
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Tue Jul 31 2007 - 17:59:17 CDT
