Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Security issue with Oracle 8i

Re: Security issue with Oracle 8i

From: Sean M <smckeownNO_at_BACKSIESearthlink.net>
Date: Fri, 26 Apr 2002 15:22:12 -0600
Message-ID: <3CC9C504.1DB5D0A4@BACKSIESearthlink.net> 





Pablo Gomez wrote:


> 

> Sybrand:

> 

> Thanks for your response to my inquiry. I know that the root user can

> do everything, like deleting all data files, but one thing is making

> this attack to the database and another is accesing confidential

> information. I mean that the CEO of the enterprise trust in his

> unix/oracle administrator, but I don't think that he is happy of

> knowing that you can see all the information.




So encrypt the data if it's that sensitive.  Otherwise, you're outta
luck.  If an admin has root on your box, she can do as she pleases. 
Unless the data is encrypted (whether it's sitting in an Oracle
database, a flat file, Sybase, whatever), she can get to it, and there's
nothing you can do about it (save maybe running on a trusted OS/database
combo, if they even still exist?).  It all comes down to trust.  If you
don't trust the person w/root, encrypt the data.  'course then you have
to deal with key management, etc.



Regards,


Sean
Received on Fri Apr 26 2002 - 16:22:12 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US