Re: Storage problems with Oracle Blobs.

On 5 Dec, 18:45, Ed Prochak <edproc..._at_gmail.com> wrote:
> On Dec 5, 12:24 pm, Jon <bone..._at_gmail.com> wrote:
>
> > On 5 Dec, 16:34, DA Morgan <damor..._at_psoug.org> wrote:
>
> > > Jon wrote:
> > > > When I run my software that adds rows to the table I connect with
> > > > another user which has the SYSDBA role.
>
> > > No user, ever, should have the SYSDBA role with the sole exception of
> > > SYS. And SYS should only be used, infrequently, for those specific jobs
> > > that require it's privileges.
>
> > > This is not just a violation of Oracle's "Least Privileges" rule it is
> > > a violation of any standard of security and governance.
>
> > Just because you have been institutionalised into a big corporate
> > methodology that believes in a particular practice does not mean that
> > it is a defacto standard.
>
> For MANY coporations it is not institutional practice, it is the law
> (Sarbanes-Oxley)
>
>
>
> > > Do yourself and your employer a big favor and learn how to manage Oracle
> > > properly.
>
> > If you had bothered to read my post you would have understood that I
> > am trying to learn about Oracle.
>
> Then read Daniel's post. He is giving you good information.
>
>
>
> > > By posting such insanity here you give newbies the impression that what
> > > you have done is acceptable: It is not.
>
> > As above, if you had bothered to read my post then you would know that
> > I am a "newbie" (to Oracle at least) and who are you to determine from
> > your institutionalised views what is acceptable and what is not ?
>
> Again, it's that Law thing.
> For private companies, it is just good practice. You never know when
> your company may go public (directly or via mergers).
>
> []
>
> > > gazzag
> > > Also, why do you insist on assigning the SYSDBA role to application
> > > logins?
>
> > @ gazzag : Thank you for taking the time to ask. I am designing some
> > software that replicates database schema's between different database
> > providers, I am working in a segregated environment where only I can
> > access the Oracle server and client machines. Therefore I didn't need
> > to spend the time understanding all of the relevant security rights
> > that are needed to allow for such a piece of software to function.
>
> Well you are a newbie to ORACLE yet decide you don't need to follow
> good practices in ORACLE. This post makes it appear you do not want to
> learn anything that doesn't match your preconceived views. Not a good
> plan IMHO.
>
> Ed
> Normally I do not think I am so harsh. The regular coffee in the decaf
> pot this morning may have something to do with it ;^)

Please can we try and get back to the original question of the topic... As I have tried to explain, this is not a production environment it is a test environment run on virtual servers that can only be accessed by myself.

I would never allow users to have dba rights with any production server, not just oracle. But, as this is a test environment then I am not bothered.

If we cannot get passed this point then I would rather end this discussion now as I do not have the time to debate whether or not I should allow myself to have sysdba rights to my personal test oracle server. Received on Wed Dec 05 2007 - 13:19:05 CST