Re: Any ideas for running CRON jobs under Security Requirements

Hi All

Just one to help you along on this path: an application I work with does
all its batch processing with an OPS$ account and has passed through a
number of audits successfully.

The programs are COBOL and access a table it has select on to get the
correct username and password, which is stored in the DB and is visible
to the OPS$ account. For someone to get a program to run would require
access to COBOL to compile it successfully, and it would have to be
compiled on the servers that run the application to be able to use the
connection function, and then they need a second account as the OPS$
account can't do compiles. Impossible? No, someone could do something
malicious, but the number of people that would have suitable access
would generally be limited, so restricting the opportunity.

Is it, in my opinion, compliant? Open for debate, but it seems to be
passing the audits successfully.

Cheers

Peter


Jared Still wrote:
> I don't know how others do it, but I use a password server.
> Usernames/passwords are kept in an encrypted file. The 
> server sends the passwords out encrypted via RC5.
> 
> The passwords for authenticating to the server are alas,
> stored in plain text.
> 
> I have not yet been sufficiently motivated ( auditors have
> not complained ) about changing that bit. Probably would
> not be too difficult to convert to using SSH keys.
> 
> Details may be found in "Perl for Oracle DBA's".
> 
> What, you think I would write that in Python? ;)
> 
> Jared
> 
> 
> 
> On 5/13/05, Hemant K Chitale <hkchital@xxxxxxxxxxxxxx> wrote:
> 
>>
>>How do you run CRON jobs {Online Backups, DB Monitoring} on Database 
>>Servers
>>when IT Security / SOX requirements state that
>>a) No userid-password pairs are to be kept in plain-text in any files
>>b) connect / as sysdba is not to be used
>>
>>I can handle a) with CRON jobs running under the "oracle" account with
>>"connect / as sysdba"
>>at the beginning of SQL scripts. I can handle b) if I hard code a
>>userid/password with the
>>appropriate privileges. How do I handle both requirements ?
>>
>>
>>
>>Hemant K Chitale
>>http://web.singnet.com.sg/~hkchital
>>
>>
>>--
>>http://www.freelists.org/webpage/oracle-l
>>
> 
> 
> 
> 
--
http://www.freelists.org/webpage/oracle-l
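
The OPS$ arrangement described in the message above, sketched as an added example (not code from the thread or from the application it mentions). The OS user `batch`, the schema `app_owner` and the table `batch_credentials` are hypothetical names, and the default `OS_AUTHENT_PREFIX` of `OPS$` is assumed.

```sql
-- Added example; run as a DBA. All object names are hypothetical.

-- OS authentication should only be trusted for local logins:
-- check that the prefix is the default 'OPS$' and that
-- REMOTE_OS_AUTHENT is FALSE before relying on it.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- Account with no password: the database trusts the OS login "batch".
CREATE USER ops$batch IDENTIFIED EXTERNALLY;

-- Least privilege: the account may log on and nothing else by default.
GRANT CREATE SESSION TO ops$batch;

-- Lookup table the batch programs read to find the credentials
-- they connect with (the design described in the message above).
CREATE TABLE app_owner.batch_credentials (
  job_name   VARCHAR2(30) PRIMARY KEY,
  db_user    VARCHAR2(30) NOT NULL,
  db_passwd  VARCHAR2(64) NOT NULL
);
GRANT SELECT ON app_owner.batch_credentials TO ops$batch;

-- Record every read of the table so access outside the batch window
-- is visible (traditional auditing; requires AUDIT_TRAIL to be enabled).
AUDIT SELECT ON app_owner.batch_credentials BY ACCESS;

-- Periodic review: which grantees can reach the credentials table?
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND table_name = 'BATCH_CREDENTIALS';
```

A cron job running as the OS user `batch` can then connect with `sqlplus -s /`, so no userid-password pair sits in a script file and `as sysdba` is not involved.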
