Re: Question About Oracle Security issue.....

From: Daniel A. Morgan <dmorgan_at_exesolutions.com>
Date: Thu, 05 Apr 2001 22:30:20 -0700
Message-ID: <3ACD546C.7ABAB568_at_exesolutions.com>


Glad you asked the question. Create profiles for each class of users and use them for two things: first, to expire their passwords on a regular basis, and second, to limit the number of sessions per user to one to eliminate password sharing.

Daniel A. Morgan

Richard wrote:

> Hello,
>
> Thank you Cliff and Daniel.
>
> To prevent potential fraud caused by internal staff is the primary reason I
> need this solution.
>
> Some developers/power users may "spy" on the confidential information in
> databases. The confidential information means the data itself and the database
> schema.
>
> For technical guys, it is easy to intrude into the database with tools like
> SQL*PLUS (to get more data information) or ERWin (to get the database schema)
> if they have a valid userid/password. From the viewpoint of internal audit,
> that is a threat to information security.
>
> If anyone has a better solution than this one, i.e., to prevent
> unauthorized client machines and/or unauthorized applications from accessing
> the database, please share your idea with me.
>
> Thank you...
>
> Richard L. Chen
>
> ( PS: Actually, I don't think that would be difficult for Oracle to
> implement this idea.)
>
> C Palmer <cliff_at_palmercs.com> wrote in message
> news:3ACC6B13.3DD6A8F8_at_palmercs.com...
> > Richard, *if* the Oracle server machine is (or can be) separated from
> > *all* the client machines onto a different network segment, you might be
> > able to place an intelligent router between the segments and configure the
> > router to deny routing to ports 1521 and 1527 on the Oracle server box
> > from the specific workstations you wish. In addition to that you could
> > implement challenged access in other fashions.
> >
> > I have to echo Daniel A Morgan's concerns about the wisdom of this
> > notion. This sounds like a really unworkable idea to me and probably won't
> > really solve your problem. Remember that a fair number of users know how
> > to change their IP/IPX address or they can simply go sit at someone else's
> > workstation.
> >
> > HTH
> > Cliff
> >
> > Richard wrote:
> >
> > > Hi,
> > >
> > > Is there any possible solution to prevent unauthorized client machines
> > > and/or unauthorized applications from accessing an
> > > Oracle database, even with a valid USER ID and PASSWORD?
> > >
> > > Thanks,
> > >
> > > Richard
> > > richchen_at_ms6.hinet.net
> >
Received on Fri Apr 06 2001 - 07:30:20 CEST
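
The profile approach from Daniel A. Morgan's reply at the top of this message, sketched as an added example that is not part of the original thread. The profile name, user name and limit values are assumptions chosen for illustration; note that SESSIONS_PER_USER is a resource limit and is enforced only when RESOURCE_LIMIT is TRUE, whereas password limits are enforced regardless.

```sql
-- Added example; POWER_USER_PROFILE, REPORT_DEV and all limit values are
-- constructed for illustration and are not taken from the thread.

-- 1. Before enforcing one session per user, list accounts that already have
--    concurrent sessions, and from how many client machines. These are the
--    accounts most likely to be shared today.
SELECT username,
       COUNT(*)                AS open_sessions,
       COUNT(DISTINCT machine) AS client_machines
FROM   v$session
WHERE  type = 'USER'
AND    username IS NOT NULL
GROUP  BY username
HAVING COUNT(*) > 1
ORDER  BY open_sessions DESC;

-- 2. Resource limits in a profile (SESSIONS_PER_USER among them) are ignored
--    unless resource limit enforcement is switched on.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- 3. One profile per class of users: regular password expiry plus a single
--    concurrent session.
CREATE PROFILE power_user_profile LIMIT
  PASSWORD_LIFE_TIME  60   -- days until the password expires
  PASSWORD_GRACE_TIME 7    -- days of warnings before the account is locked out
  SESSIONS_PER_USER   1;   -- a second concurrent logon is refused

-- 4. Assign the profile to each account in that class.
ALTER USER report_dev PROFILE power_user_profile;

-- 5. Verify what the profile enforces and which accounts carry it.
SELECT resource_name, resource_type, limit
FROM   dba_profiles
WHERE  profile = 'POWER_USER_PROFILE'
AND    resource_name IN ('PASSWORD_LIFE_TIME',
                         'PASSWORD_GRACE_TIME',
                         'SESSIONS_PER_USER');

SELECT username, account_status, expiry_date
FROM   dba_users
WHERE  profile = 'POWER_USER_PROFILE';
```

Existing passwords pick up the new lifetime from the profile, so check `expiry_date` in the last query before rollout to see which accounts will be prompted to change their password first.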
