Re: Would you recommend such an application for production use?
Date: Thu, 18 Feb 2010 18:30:59 -0800 (PST)
Message-ID: <498082.79102.qm_at_web32008.mail.mud.yahoo.com>
I agree with Jared on this one. I don't *expect* my managers to take my recommendations over everyone elses ALL the time :) but I do know it's important for me to think ahead and gauge all the issues that might arise due to design/coding/security flaws in an application they are going to implement. I voice my concerns, document my findings and then it's up to my manager from that point. I know how much he values my opinion, knowing where my loyalties lie and that's why he's a good manager- he trusts his employees to do their jobs!
I was definitely onto the worse case scenario, 12 steps ahead of the siuation in my earlier comments! All they wanted to do was create views in the SYSTEM tablespace and here I am, already on the path of "if they can create views, what's next? What is the worse scenario?" I'm a DBA, my job is to protect the database, all of the database, so help me God... :)
After being at RMOUG the last two days, I can say...having trouble keeping up myself with the threads! :) ~Kellyn
- On Thu, 2/18/10, Jared Still <jkstill_at_gmail.com> wrote:
From: Jared Still <jkstill_at_gmail.com>
Subject: Re: Would you recommend such an application for production use?
To: Richard.Goulet_at_parexel.com
Cc: development_at_the-playground.de, "ORACLE-L" <oracle-l_at_freelists.org>
Date: Thursday, February 18, 2010, 12:07 PM
comments inline:
On Thu, Feb 18, 2010 at 10:27 AM, Goulet, Richard <Richard.Goulet_at_parexel.com> wrote:
Brother does this list ever produce mountains of messages in the blink of an eye!!
Hey, it's a vital community! :)
OK, so while creating objects in the sys schema is not the most brilliant thing to do it's not exactly totally unknown.
I think it is a good idea for the DBA in question to provide some documented security concerns for such issues if possible, in addition to the support concerns.
As decisions to buy a product are almost never based on input from a DBA, it is still valid for the DBA to raise concerns.
That way when the tidal wave of problems rushes in, the DBA is in a fairly secure position. Even better if she/he already knows how to deal with the problems.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Feb 18 2010 - 20:30:59 CST