Re: Oracle Security Issue
- From: Umberto <umberto.quaia@xxxxxx>
- Date: Fri, 09 Sep 2005 17:58:43 +0200
miloann2002 wrote:
> I have the following questions in the Oracle 8 and 9 platforms:
> 1. Do the roles need to set password? If no password, any negative impact?

No. Just don't grant the roles to the wrong users... ;-)

> 2. Can user data / objects be put in the system tablespace?

No, if the database administrator is wise enough not to give/leave quotas on SYSTEM. Of course, the database administrator can, but it's not advisable; even SYSTEM's objects should not be put on SYSTEM (TOOLS is set up by standard installation).

> Can this cause denial of service?

Yes, if the SYSTEM tablespace fills up it can have weird consequences...

> 3. Is it critical to set password life, password reuse, and other password settings? If we have robust operating system and application security, do we still need to configure the password settings in Oracle?

In many countries, laws require passwords to be changed periodically, so, depending on the environment, it may be required.
Moreover, it automatically locks out unneeded/unused accounts.
Remember that overall security is that of the weakest link, so if SYSTEM's or a critical user's password is weak, someone could log in and sabotage the database without involving OS or application security.
Thanks.
Umberto
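
The three points discussed in this thread can be checked against the data dictionary. The queries below are an added example, not part of the original post; they assume a session with SELECT access to the DBA_* views and use the old `(+)` outer-join syntax so they also run on Oracle 8.

```sql
-- Added example: audit queries for the three questions in the thread.

-- 1. Roles, whether enabling them requires a password, and who holds them.
SELECT r.role, r.password_required, p.grantee, p.default_role
FROM   dba_roles r, dba_role_privs p
WHERE  p.granted_role (+) = r.role
ORDER  BY r.role, p.grantee;

-- 2a. Explicit quotas on SYSTEM (max_bytes = -1 means unlimited).
SELECT username, bytes, max_bytes
FROM   dba_ts_quotas
WHERE  tablespace_name = 'SYSTEM';

-- 2b. Grantees of UNLIMITED TABLESPACE, which bypasses per-tablespace quotas.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'UNLIMITED TABLESPACE'
AND    grantee NOT IN ('SYS', 'SYSTEM');

-- 2c. Segments already stored in SYSTEM that belong to other schemas.
--     Some Oracle-supplied schemas may legitimately appear here.
SELECT owner, segment_type, COUNT(*) AS segments, SUM(bytes) AS total_bytes
FROM   dba_segments
WHERE  tablespace_name = 'SYSTEM'
AND    owner NOT IN ('SYS', 'SYSTEM')
GROUP  BY owner, segment_type
ORDER  BY total_bytes DESC;

-- 2d. Accounts whose default or temporary tablespace is SYSTEM.
SELECT username, default_tablespace, temporary_tablespace
FROM   dba_users
WHERE  (default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM')
AND    username NOT IN ('SYS', 'SYSTEM');

-- 3a. Password limits defined in each profile (life time, reuse, lockout).
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
ORDER  BY profile, resource_name;

-- 3b. Which profile each account uses, and its current lock/expiry state.
SELECT username, profile, account_status, lock_date, expiry_date
FROM   dba_users
ORDER  BY profile, username;
```

Rows from 2a to 2d identify the accounts that could fill SYSTEM; rows from 3a showing UNLIMITED or DEFAULT limits mark profiles where no password policy is enforced at the database level.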