Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.
DA Morgan wrote:
>
> From my experience with auditors ... decrypting the audit trail is not
> the issue. The audit trail should be readily available for reading. And
> I use DBMS_DDL.CREATE_WRAPPED to build both encrypt and decrypt day one.
> The issue is can anyone alter the audit trail without detection. That is
> much more difficult.
>
> Keep in mind the issue is a good faith effort to comply with the law.
> Not can I defeat the world's number one Oracle security expert.
>
Well once an exploit becomes known, does it take a Pete Finnigan to exploit it? Of course not. It just becomes something a lamer would be able to use just by simply downloading a root kit off the net. Could that then even be considered a good faith effort to comply with laws like Sarb OX?
This means that for all intents and purposes, without a solution to the offsite log shipping problem, Oracle ends up just being equal to storing your data on (very expensive) 3x5 cards. Received on Wed Sep 06 2006 - 18:01:11 CDT
![]() |
![]() |