Path: dp-news.maxwell.syr.edu!spool.maxwell.syr.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com!k70g2000cwa.googlegroups.com!not-for-mail From: ivl5@hotmail.com Newsgroups: comp.databases.oracle.server Subject: Re: user with administrative priviledges Date: 10 Oct 2006 18:15:57 -0700 Organization: http://groups.google.com Lines: 34 Message-ID: <1160529357.143534.21070@k70g2000cwa.googlegroups.com> References: NNTP-Posting-Host: 203.13.128.102 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" X-Trace: posting.google.com 1160529362 9826 127.0.0.1 (11 Oct 2006 01:16:02 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Wed, 11 Oct 2006 01:16:02 +0000 (UTC) In-Reply-To: User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7,gzip(gfe),gzip(gfe) X-HTTP-Via: 1.0 proxy2 (NetCache NetApp/6.0.2) Complaints-To: groups-abuse@google.com Injection-Info: k70g2000cwa.googlegroups.com; posting-host=203.13.128.102; posting-account=UGFMnwwAAAD2Vz__qSldRC8KQnLCLICC Xref: dp-news.maxwell.syr.edu comp.databases.oracle.server:276994 Frank van Bortel wrote: > fireball schreef: > > well, I 've found out (that is: 'grant DBA to user'), forgive my basic > > questions. > > > > > Forgiven. :) > > The feedback is appreciated. > > Back on track: why do you want this? SYSTEM is especially > created for this purpose People usually do it when: 1. There is a policy/need to audit on per-DBA basis; shared generic account makes it harder. 2. Security is taken seriously. A well-known account is too obvious target. With Oracle, if you know username your chances to hack an account are much higher, e.g. one can prepare rainbow tables for SYS/SYSTEM at leasure and seek a chance to get a password hash. I think it's a very good idea to replicate SYSTEM privileges in another user and lock down SYS/SYSTEM. [...] > -- > Regards, > Frank van Bortel Regards, Igor