Message-ID: <3DD042F8.E7B025BE@exesolutions.com>
From: Daniel Morgan <dmorgan@exesolutions.com>
Newsgroups: comp.databases.oracle.server
Subject: Re: Verifying passwords have been changed in oracle
References: <8modqa.6et.ln@spuddy.org> <3dca7941.52781155@ausnews.austin.ibm.com> <m6neqa.8tu.ln@spuddy.org> <3dcbd187.55502918@ausnews.austin.ibm.com> <s94hqa.s81.ln@spuddy.org> <B9F1D05E.217A%markbtownsend@attbi.com> <9s3mqa.o5c.ln@spuddy.org> <3DCFFE33.FCF974C9@exesolutions.com> <8j0pqa.dje.ln@spuddy.org> <3DD0194D.5A49B039@exesolutions.com> <0u5pqa.7pe.ln@spuddy.org>
Date: Mon, 11 Nov 2002 23:53:28 GMT
Organization: City of Seattle NewsReader Service

Stephen Harris wrote:

> Daniel Morgan <dmorgan@exesolutions.com> wrote:
> > Stephen Harris wrote:
> >> This is auditing; i.e. confirmation that stuff has been done properly.  I'm not
> >> enforcing or changing things.
>
> > The only way to audit security is to try to break in.
>
> Well, hardly.  We want to verify that the default is for user passwords
> to expire in 'n' days... we can check dba_profiles to see if this is set.
> We want to verify certain accounts have been disabled... we can check the
> dba_users table to see if the account_status is locked.
>
> We are not verifying the correct functioning of the oracle software, we
> are attempting to verify configuration of the system.
>
> --
>                                  Stephen Harris
>                               sweh@spuddy.mew.co.uk
>       The truth is the truth, and opinion just opinion.  But what is what?
>        My employer pays to ignore my opinions; you get to do it for free.

The only way to tell whether the password for SYS is change_on_install is to type it
in at the SQL> prompt.

Daniel Morgan
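
The configuration checks named in the quoted reply (password expiry in dba_profiles, account_status in dba_users), written out as an added example that is not part of the original post or from either poster. It assumes SELECT access to both views; the account names in the second query are placeholders.

```sql
-- Added example: configuration audit using the two data dictionary views
-- named in the thread. Assumes SELECT privilege on DBA_USERS and DBA_PROFILES.

-- 1) Per-account status and the password lifetime that actually applies.
--    A profile limit of DEFAULT means "inherit from the DEFAULT profile",
--    so it is resolved here instead of being reported literally.
SELECT u.username,
       u.account_status,
       u.lock_date,
       u.profile,
       CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
           AS effective_password_life_time,
       -- UNLIMITED means passwords under this profile never expire.
       CASE
           WHEN CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
                = 'UNLIMITED'
           THEN 'NO EXPIRY SET'
           ELSE 'EXPIRY SET'
       END AS expiry_finding
FROM   dba_users u
       JOIN dba_profiles p
         ON p.profile = u.profile
        AND p.resource_name = 'PASSWORD_LIFE_TIME'
       JOIN dba_profiles d
         ON d.profile = 'DEFAULT'
        AND d.resource_name = 'PASSWORD_LIFE_TIME'
ORDER  BY u.username;

-- 2) Accounts that policy says must be disabled but are not locked.
--    Replace the placeholder names with the site's own list.
--    NOT LIKE '%LOCKED%' covers LOCKED, EXPIRED & LOCKED and LOCKED(TIMED).
SELECT username, account_status, lock_date
FROM   dba_users
WHERE  username IN ('PLACEHOLDER_ACCOUNT_1', 'PLACEHOLDER_ACCOUNT_2')
AND    account_status NOT LIKE '%LOCKED%'
ORDER  BY username;
```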

