Oops, so right. The author of the SANS book is Pete Finnigan.
Jared

On Fri, 2003-08-29 at 00:49, Pete Sharman wrote:
> Much as I would like to claim credit, that's the wrong Pete you have
> there. :)
>
> Pete
>
> "Controlling developers is like herding cats."
> Kevin Loney, Oracle DBA Handbook
>
> "Oh no, it's not. It's much harder than that!"
> Bruce Pihlamae, long term Oracle DBA.
>
> -----Original Message-----
> Jared Still
> Sent: Friday, August 29, 2003 11:14 AM
> To: Multiple recipients of list ORACLE-L
>
> The security model of Oracle on both unix and Windows
> precludes any ability to prevent access to the database
> by a knowledgeable user with root or admin access.
>
> Pete Sharman could no doubt go into some detail here.
>
> I bought his security book, I'll check it out when I get to work.
>
> Could be there's something I've overlooked. :)
>
> Jared
>
> On Thu, 2003-08-28 at 09:29, DENNIS WILLIAMS wrote:
> > Walter
> > You may be able to approach this from a security aspect. You could
> > discuss with your management whether it is a good idea for the system
> > administrators to be in a database. Depending on the security or SLA
> > requirements of the database, you may have some leverage there.
> >
> > Dennis Williams
> > DBA, 80%OCP, 100% DBA
> > Lifetouch, Inc.
> > [EMAIL PROTECTED]
> >
> > -----Original Message-----
> > Sent: Thursday, August 28, 2003 11:10 AM
> > To: Multiple recipients of list ORACLE-L
> >
> > Well, first of all, root should not be in your dba group...
> >
> > -----Original Message-----
> > Sent: Thursday, August 28, 2003 8:34 AM
> > To: Multiple recipients of list ORACLE-L
> >
> > Just for grins, I'll ask this question... Is there any way to keep the
> > Unix "root" user from logging into the database (i.e. connect internal
> > or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.
> >
> > We have a couple people in our Unix admin group that feel the need to
> > "help" by writing their own DB monitoring scripts. Of course, they
> > don't know what they're talking about. They do not have formal logins
> > for the database, but since they are root users they are connecting
> > via "connect internal". This is not only counterproductive but
> > actually a potential security issue--just because someone has root
> > doesn't necessarily entitle them to see the data in the database. What
> > if it is a payroll database?
> >
> > So, I'm curious, is there any way to prevent access via "connect
> > internal" or "/ as sysdba"?
> >
> > Thanks in advance.
> >
> > W
> >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: DENNIS WILLIAMS
> > INET: [EMAIL PROTECTED]
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L (or the
> > name of mailing list you want to be removed from). You may also send
> > the HELP command for other information (like subscribing).
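An added example, not part of the thread and not Oracle tooling, for the "root should not be in your dba group" point: it lists every account that holds the group as a primary or supplementary group and picks out the UID 0 accounts among them. The group name `dba`, the function names and the sample passwd/group contents are assumptions constructed for illustration.

```python
# Added example. Sample file contents below are constructed, not from the thread.
SAMPLE_GROUP = """\
root::0:root
dba::101:oracle,root
oinstall::102:oracle
staff::10:jdoe
"""

SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
toor:x:0:10:Second UID 0 account:/:/bin/sh
oracle:x:1001:102:Oracle owner:/export/home/oracle:/bin/ksh
batch:x:1002:101:Batch jobs:/export/home/batch:/bin/ksh
"""


def _records(text, min_fields):
    """Yield colon-split records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                yield fields


def group_members(group_text, passwd_text, group_name="dba"):
    """Map each account in group_name to 'primary' or 'supplementary'."""
    gid, members = None, {}
    for name, _pw, group_gid, user_list in (f[:4] for f in _records(group_text, 4)):
        if name == group_name:
            gid = group_gid
            for user in user_list.split(","):
                if user.strip():
                    members[user.strip()] = "supplementary"
    if gid is None:
        return members
    for fields in _records(passwd_text, 4):
        if fields[3] == gid:  # field 4 of a passwd entry is the primary GID
            members[fields[0]] = "primary"
    return members


def uid0_members(group_text, passwd_text, group_name="dba"):
    """Return the sorted UID 0 accounts that belong to group_name."""
    members = group_members(group_text, passwd_text, group_name)
    uid0 = {f[0] for f in _records(passwd_text, 4) if f[2] == "0"}
    return sorted(uid0 & members.keys())


if __name__ == "__main__":
    print(group_members(SAMPLE_GROUP, SAMPLE_PASSWD))
    print("UID 0 accounts in dba:", uid0_members(SAMPLE_GROUP, SAMPLE_PASSWD))
```

The check reports who is granted OS-authenticated access through group membership; as Jared's reply in the thread says, it does not by itself keep a knowledgeable root user out of the database.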