'If an intruder gets to you database server, the game is pretty much over isn't it? ' Yes, it is. Thanks, Estifan -----Original Message----- From: Jared Still [mailto:jkstill@xxxxxxxxx] Sent: Thursday, November 30, 2006 6:39 PM To: Panosian, Estifan Cc: Oracle-L Freelists Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question On 11/30/06, Panosian, Estifan <EPanosian@xxxxxx> wrote: Hello, I am trying to make our database more secure, one of the scenarios we came up is: 'what if an internal hacker (somehow) gets to our database server?' If an intruder gets to you database server, the game is pretty much over isn't it? Aside from encrypting the data so that is not accessible by simple SELECT statements (Oracle Advanced Securityt, Data Vault) the intruder pretty much has free reign. Or perhaps you're just referring to the Oracle Instance itself as the server? In that case, if your database has not been patched to the Oct 2006 CPU level, then any account with a SELECT privilege on a table will have the ability to perform DML on your data. If your version of Oracle is an old one that is no longer patched, there's not much you can do to prevent this. -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist