| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: ODBC and database security
You should be aware that program such as MS Access and such frequently
store the user name/passwords in the connect strings in plain text.
Programs such as Access can be very valuable in the hands of the right
user for reporting, moving data etc...however, all too often it ends up
in the hands of very evil users who write really weird macros which do
things like put your entire 20GB database in an Excel file every night.=20
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of
Kip.Bryant_at_Vishay.com
Sent: Friday, December 03, 2004 11:54 AM
To: Meenakshi.Aggarwal_at_fishersci.com
Cc: oracle-l_at_freelists.org
Subject: Re: ODBC and database security
IMHO the real security issue is with the oracle client install. Sorry
if the
following is too obvious... You need to be certain that the DBA
utilities are=20
never installed and that the sqlnet config can't be changed so as to
avoid=20
system probing. And everyone has changed all default passwords, right?
;-)
Then the remaining issue would be account administration...what your
password=20
controls are...(length, content, expiration, sharing of accounts...).
Kip
|Hi All,
|Can anybody share what are database security issues when using ODBC
(set up
|on client PCs).
|Thanks
|--
|http://www.freelists.org/webpage/oracle-l
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-lReceived on Fri Dec 03 2004 - 12:10:16 CST
 |
 |