RE: ODBC and database security

• From: "Post, Ethan" <Ethan.Post@xxxxxx>
• To: <Kip.Bryant@xxxxxxxxxx>, <Meenakshi.Aggarwal@xxxxxxxxxxxxx>
• Date: Fri, 3 Dec 2004 12:11:53 -0600

You should be aware that program such as MS Access and such frequently
store the user name/passwords in the connect strings in plain text.
Programs such as Access can be very valuable in the hands of the right
user for reporting, moving data etc...however, all too often it ends up
in the hands of very evil users who write really weird macros which do
things like put your entire 20GB database in an Excel file every night.=20

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of
Kip.Bryant@xxxxxxxxxx
Sent: Friday, December 03, 2004 11:54 AM
To: Meenakshi.Aggarwal@xxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: ODBC and database security

IMHO the real security issue is with the oracle client install.  Sorry
if the
following is too obvious...  You need to be certain that the DBA
utilities are=20
never installed and that the sqlnet config can't be changed so as to
avoid=20
system probing.  And everyone has changed all default passwords, right?
;-)
Then the remaining issue would be account administration...what your
password=20
controls are...(length, content, expiration, sharing of accounts...).

Kip

|Hi All,

|Can anybody share what are database security issues when using ODBC
(set up
|on client PCs).

|Thanks

|--
|http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l

• » ODBC and database security
• » RE: ODBC and database security
• » RE: ODBC and database security
• » Re: ODBC and database security
• » RE: ODBC and database security
• » RE: ODBC and database security
• » RE: ODBC and database security

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription