From: sweh@spuddy.mew.co.uk (Stephen Harris)
Newsgroups: comp.databases.oracle.server
Subject: Re: Verifying passwords have been changed in oracle
Date: Mon, 11 Nov 2002 16:02:56 -0500
Organization: *NOT* Spud's Public Usenet Domain
Lines: 20
Message-ID: <0u5pqa.7pe.ln@spuddy.org>
References: <8modqa.6et.ln@spuddy.org> <3dca7941.52781155@ausnews.austin.ibm.com> <m6neqa.8tu.ln@spuddy.org> <3dcbd187.55502918@ausnews.austin.ibm.com> <s94hqa.s81.ln@spuddy.org> <B9F1D05E.217A%markbtownsend@attbi.com> <9s3mqa.o5c.ln@spuddy.org> <3DCFFE33.FCF974C9@exesolutions.com> <8j0pqa.dje.ln@spuddy.org> <3DD0194D.5A49B039@exesolutions.com>

Daniel Morgan <dmorgan@exesolutions.com> wrote:
> Stephen Harris wrote:
>> This is auditing; i.e. confirmation that stuff has been done properly.  I'm not
>> enforcing or changing things.

> The only way to audit security is to try to break in.

Well, hardly.  We want to verify that the default is for user passwords
to expire in 'n' days... we can check dba_profiles to see if this is set.
We want to verify certain accounts have been disabled... we can check the
dba_users table to see if the account_status is locked.

We are not verifying the correct functioning of the Oracle software, we
are attempting to verify configuration of the system.

-- 
                                 Stephen Harris
                              sweh@spuddy.mew.co.uk
      The truth is the truth, and opinion just opinion.  But what is what?
       My employer pays to ignore my opinions; you get to do it for free.
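
The two configuration checks described in the post above, written out as read-only queries. This is an added example, not part of the original post. The 90-day threshold (standing in for 'n') and the account names EXAMPLE_ACCT1 and EXAMPLE_ACCT2 are assumptions to be replaced with site policy values.

```sql
-- Added example; run as a user with SELECT on DBA_USERS and DBA_PROFILES.
-- Assumed values: 90 days for 'n', hypothetical account names below.

-- Check 1: users whose effective PASSWORD_LIFE_TIME is unlimited or
-- longer than the policy. A non-DEFAULT profile can carry the literal
-- limit 'DEFAULT', which means "inherit from the DEFAULT profile", so
-- that case is resolved before comparing.
SELECT username, profile, effective_life_time
FROM  (SELECT u.username,
              u.profile,
              CASE p.limit
                   WHEN 'DEFAULT' THEN d.limit
                   ELSE p.limit
              END AS effective_life_time
       FROM   dba_users u
       JOIN   dba_profiles p
              ON  p.profile = u.profile
              AND p.resource_name = 'PASSWORD_LIFE_TIME'
       JOIN   dba_profiles d
              ON  d.profile = 'DEFAULT'
              AND d.resource_name = 'PASSWORD_LIFE_TIME')
WHERE  CASE
           -- CASE guards TO_NUMBER from ever seeing 'UNLIMITED'
           WHEN effective_life_time = 'UNLIMITED'     THEN 1
           WHEN TO_NUMBER(effective_life_time) > 90   THEN 1
           ELSE 0
       END = 1
ORDER  BY username;

-- Check 2: accounts that policy says must be disabled but are not
-- administratively locked. 'LOCKED(TIMED)' is deliberately treated as
-- a finding: it is a temporary lock after failed logins and clears by
-- itself once PASSWORD_LOCK_TIME has passed.
SELECT username, account_status, lock_date
FROM   dba_users
WHERE  username IN ('EXAMPLE_ACCT1', 'EXAMPLE_ACCT2')  -- hypothetical names
AND    account_status NOT IN ('LOCKED', 'EXPIRED & LOCKED')
ORDER  BY username;
```

Both queries return no rows when the configuration matches the policy. An account in the second list that does not exist in the database also returns no row, so the expected list should be checked against DBA_USERS separately if that distinction matters.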
