| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Security audit of Oracle databases
On Apr 11, 2005 5:27 PM, Paula_Stankus_at_doh.state.fl.us
<Paula_Stankus_at_doh.state.fl.us> wrote:
>
> Why not come up with an algoritm instead of writing them down?
I'm not 100% sure what you mean by that. If you mean some sort of system for working out what the password is then surely that would be a huge security hole as anyone who knew the system could then access any of your databases and you probably wouldn't know.
If they're on a piece of paper in a sealed envelope in a safe then you've got a better chance of finding out as they'd firstly have to get into the safe and then would have to open the envelope so making their tampering evident. Where I've worked where this system was inplace the passwords for the databases on each machine were written onto a sheet of paper, along with the OS passwords, which was put into an envelope (one envelope per machine with the machine name on it). The envelope was then sealed and signed accross the seal by the person who had put the passwords in and piece of sticky tape then put accross the signature. The envelopes were then put into a safe. If the envelope was opened it would be obvious at a glance.
Stephen
-- It's better to ask a silly question than to make a silly assumption. -- http://www.freelists.org/webpage/oracle-lReceived on Mon Apr 11 2005 - 12:42:32 CDT
 |
 |