Re: Privileges by session
Date: Fri, 8 Jan 2010 12:23:15 +0100
Message-ID: <9b46ac491001080323n6beffeaai12f001ecf40804fe_at_mail.gmail.com>
Hi Jared,
have you seen auditors actually use tooling to perform password sanity checks on databases subject to Sarbanes-Oxley, HIPAA, PCI or any number of other legislated security policies?
I have seen big shops where fancy database compliancy reports, created by the DBAs, were just about enough to let the auditors say "Ok, compliant!" Motto: business comes first, security second.
Regards,
Andre
2010/1/7 Jared Still <jkstill_at_gmail.com>
> On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
> wblanchard_at_societyinsurance.com> wrote:
>
>> Greetings,
>>
>> I have convinced management to allow me to grant read-only access to the
>> developers. The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls. Is there a way
>> via a
>>
> Is there some reason the obvious solution won't work?
>
> That is, change the passwords.
>
> It would seem the applications in question are not subject to
> Sarbanes-Oxley,
> HIPAA, PCI or any number of other legislated security policies.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
>
--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jan 08 2010 - 05:23:15 CST