Re: Privileges by session

Hi Jared,

Have you seen auditors actually use tooling to perform password sanity
checks on databases subject to Sarbanes-Oxley, HIPAA, PCI or any number of
other legislated security policies?

I have seen big shops where fancy database compliancy reports, created by
the DBAs, were just about enough to let the auditors say "Ok, compliant!"
Motto: business comes first, security second.

Regards,
Andre



2010/1/7 Jared Still <jkstill@xxxxxxxxx>

>  On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
> wblanchard@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>>  Greetings,
>>
>> I have convinced management to allow me to grant read-only access to the
>> developers.  The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls.  Is there a way
>> via a
>>
> Is there some reason the obvious solution won't work?
>
> That is, change the passwords.
>
> It would seem the applications in question are not subject to
> Sarbanes-Oxley, HIPAA, PCI or any number of other legislated security
> policies.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
>
