| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: ODBC and database security
Amen to that! We have that all over here.
Then when you try to change your password all these rogue reports/macros/excel things break and they all blame you......
I am going through a migration now and am going through this right now.
Kathy Duret
-----Original Message-----
From: Post, Ethan [mailto:Ethan.Post_at_ps.net]
Sent: Friday, December 03, 2004 12:12 PM
To: Kip.Bryant_at_Vishay.com; Meenakshi.Aggarwal_at_fishersci.com
Cc: oracle-l_at_freelists.org
Subject: RE: ODBC and database security
You should be aware that program such as MS Access and such frequently store the user name/passwords in the connect strings in plain text. Programs such as Access can be very valuable in the hands of the right user for reporting, moving data etc...however, all too often it ends up in the hands of very evil users who write really weird macros which do things like put your entire 20GB database in an Excel file every night.=20
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of
Kip.Bryant_at_Vishay.com
Sent: Friday, December 03, 2004 11:54 AM
To: Meenakshi.Aggarwal_at_fishersci.com
Cc: oracle-l_at_freelists.org
Subject: Re: ODBC and database security
IMHO the real security issue is with the oracle client install. Sorry
if the
following is too obvious... You need to be certain that the DBA
utilities are=20
never installed and that the sqlnet config can't be changed so as to
avoid=20
system probing. And everyone has changed all default passwords, right?
;-)
Then the remaining issue would be account administration...what your
password=20
controls are...(length, content, expiration, sharing of accounts...).
Kip
|Hi All,
|Can anybody share what are database security issues when using ODBC
(set up
|on client PCs).
|Thanks
|--
|http://www.freelists.org/webpage/oracle-l
-- http://www.freelists.org/webpage/oracle-l -- http://www.freelists.org/webpage/oracle-l This transmission contains information solely for intended recipient and may be privileged, confidential and/or otherwise protect from disclosure. If you are not the intended recipient, please contact the sender and delete all copies of this transmission. This message and/or the materials contained herein are not an offer to sell, or a solicitation of an offer to buy, any securities or other instruments. The information has been obtained or derived from sources believed by us to be reliable, but we do not represent that it is accurate or complete. Any opinions or estimates contained in this information constitute our judgment as of this date and are subject to change without notice. Any information you share with us will be used in the operation of our business, and we do not request and do not want any material, nonpublic information. Absent an express prior written agreement, we are not agreeing to treat any information confidentially and will use any and all information and reserve the right to publish or disclose any information you share with us. -- http://www.freelists.org/webpage/oracle-lReceived on Fri Dec 03 2004 - 13:20:27 CST
 |
 |