Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: how bad are these vulnerabilities?

Re: how bad are these vulnerabilities?

From: Niall Litchfield <niall.litchfield_at_dial.pipex.com>
Date: Mon, 18 Dec 2006 23:12:21 +0000
Message-ID: <Uc2dndQvp-y9ghrYRVnyrAA@pipex.net> 





DA Morgan wrote:


> Niall Litchfield wrote:


>> DA Morgan wrote:
>>> Well while they are doing that ... perhaps they can explain to your
>>> legal department how they plan to handle SQL Server's inability to meet
>>> SarbOx requirements?
>>
>> Only do that if you want to look rather silly. Legislation does not
>> prohibit particular platforms, just mandates approaches and controls.
>> You can do this with all the leading databases on the market today.




> 

> It mandates that you be able to audit the activities of the system

> adminitrators and DBAs. If you can do that on (pre-Vista) Windows I'd

> like to see how.




I'm assuming you mean pre-sql2005 sqlserver rather than pre-vista
windows (this being a database forum and you referring to a database
product and all) try


http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_2ard.asp
for size.



You can audit sysadmin and dba activity on windows, and you can fail to
do it on *nix environments. To suggest otherwise is rather foolish don't
you think.



<thought process>


In an open source world the auditing process and hashing algorithms are
open source. Wonder what happens then


</thought process>


-- 
Niall Litchfield
Oracle DBA
http://www.orawin.info/services


Received on Mon Dec 18 2006 - 17:12:21 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US