Message-ID: <F001.005D063E.20030918091943@fatcity.com>
Date: Thu, 18 Sep 2003 09:19:43 -0800
To: Multiple recipients of list ORACLE-L <ORACLE-L@fatcity.com>
From: Pete Finnigan <oracle_list@peterfinnigan.demon.co.uk>
Subject: Re: Anyone have a copy of DUL ??

Hi Mark

I agree with you Mark, even if it's supplied by Oracle technicians - it
is, as you say, possible to bypass security completely. Does anyone in
Oracle check that the field support personnel dispatched to a site (in
urgency) are dumping data for the owner of it?

I covered the issue of DUL with regard to security in the SANS Oracle
security step-by-step book - action 6.5.1

kind regards

Pete

In article <F001.005D0632.20030918083501@fatcity.com>, Mark Leith
<mark@cool-tools.co.uk> writes
>One problem I see with giving this away "free" is that you will be supplying
>a tool that allows you to extract data from the database, bypassing all
>inbuilt security. A BIG "no no". I suppose that also applies to this kind of
>tool even under a paid license structure.
>
-- 
Pete Finnigan
email:pete@petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
