|
[oracle-l]
||
[Date Prev]
[12-2006 Date Index]
[Date Next]
||
[Thread Prev]
[12-2006 Thread Index]
[Thread Next]
RE: Oracle 9i on Windows 2003 -- Vulnerability Question
- From: "Panosian, Estifan" <EPanosian@xxxxxx>
- To: "Jared Still" <jkstill@xxxxxxxxx>
- Date: Fri, 1 Dec 2006 10:43:20 -0500
'If an intruder gets to you database server, the game is pretty much
over isn't it? '
Yes, it is.
Thanks,
Estifan
-----Original Message-----
From: Jared Still [mailto:jkstill@xxxxxxxxx]
Sent: Thursday, November 30, 2006 6:39 PM
To: Panosian, Estifan
Cc: Oracle-L Freelists
Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question
On 11/30/06, Panosian, Estifan <EPanosian@xxxxxx> wrote:
Hello,
I am trying to make our database more secure, one of the
scenarios we
came up is:
'what if an internal hacker (somehow) gets to our database
server?'
If an intruder gets to you database server, the game is pretty much over
isn't it?
Aside from encrypting the data so that is not accessible by simple
SELECT statements (Oracle Advanced Securityt, Data Vault) the
intruder pretty much has free reign.
Or perhaps you're just referring to the Oracle Instance itself as
the server? In that case, if your database has not been patched
to the Oct 2006 CPU level, then any account with a SELECT privilege
on a table will have the ability to perform DML on your data. If your
version of Oracle is an old one that is no longer patched, there's
not much you can do to prevent this.
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
|
|
