
Re: OK to revoke privileges from SYS or DBA?

From: Howard J. Rogers <hjr_at_dizwell.com>
Date: Wed, 08 Dec 2004 17:25:54 +1100
Message-ID: <41b69e71$0$2467$afc38c87@news.optusnet.com.au>


DA Morgan wrote:
> Denis Do wrote:
>

>> On 2004-12-08, Anurag Varma <avdbi_at_hotmail.com> wrote:
>>
>>> I won't be surprised that his paranoia eventually leads him to start 
>>> naming tables using unprintable characters.
>>>
>>
>> Good idea, BTW! :-)
>> To be serious, I truly believe that if you are dealing with a DB where,
>> let's say, 1mil of CC numbers are stored - there is no such thing as
>> paranoia. I prefer a paranoid DBA, who tends to over-complicate things,
>> to someone who will blindly follow a setup guide and will bring the company 
>> to prosecution.
>>
>> Is it a good point or not? :-)

>
>
> Credit card numbers is a good example.
> So are design specifications for weapons systems.
> So are medical records.
> So are payroll and disciplinary records for employees.
> So are records in a law enforcement agency on ongoing investigations.
> So are records of pending and ongoing litigation at law firms.
>
> And some companies that deal with defense issues are required by law
> to not only secure specific defense related data but also data on
> secondary uses. So, for example, since Air Force 1 is a Boeing 747 ...
> by definition much of the information about 747's is classified.
>
> Being security conscious is not being paranoid. There is a word for
> people that don't understand the importance of security ... the word is
> unemployable: At least where I consult.

A neat sashay away from the actual issue here: which is that your previous approach to roles (the one you advocated before Tom put you straight) provides zero security, but a support and management headache. Your current approach to roles (the one you adopted after Tom pointed out your error) is just plain confused and represents the worst of both worlds: keep the really powerful role, but drop the less powerful ones, so no additional security; but still the support and management headache.

What any of that has to do with security, Lord only knows.

The word ought indeed to be 'unemployable'.

HJR

Received on Wed Dec 08 2004 - 00:25:54 CST
