Re: Privileges by session

• From: Andre van Winssen <dreveewee@xxxxxxxxx>
• To: jkstill@xxxxxxxxx
• Date: Fri, 8 Jan 2010 12:23:15 +0100

Hi Jared,

have you seen auditors actually use tooling to perform password sanity
checks on databases subject to SarbanesOxley, HIPAA, PCI or any number of
other legislated security policies ?

I have seen big shops where fancy database compliancy reports, created by
the dbas, were just about enough to let the auditors say "Ok, compliant!"
Motto: business comes first, security second.

Regards,
Andre



2010/1/7 Jared Still <jkstill@xxxxxxxxx>

>  On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
> wblanchard@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>>  Greetings,
>>
>> I have convinced management to allow me to grant read-only access to the
>> developers.  The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls.  Is there a way
>> via a
>>
> Is there some reason the obvious solution wont' work?
>
> That is, change the passwords.
>
> It would seem the applications in question are not subject to
> SarbanesOxley,
> HIPAA, PCI or any number of other legislated security policies.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
>

• Follow-Ups:
  • Re: Privileges by session
    • From: Jared Still

• References:
  • Privileges by session
    • From: Blanchard, William
  • Re: Privileges by session
    • From: Jared Still

Other related posts:

• » Privileges by session - Blanchard, William
• » Re: Privileges by session - lyallbarbour
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Jackie Brock
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Christopher Boyle
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Jackie Brock
• » Re: Privileges by session - Kellyn Pedersen
• » RE: Privileges by session - Blanchard, William
• » RE: Privileges by session - Blanchard, William
• » Re: Privileges by session - Jared Still
• » RE: Privileges by session - Blanchard, William
• » Re: Privileges by session - Michael Fontana
• » RE: Privileges by session - Blanchard, William
• » Re: Privileges by session - Jared Still
• » RE: Privileges by session - Blanchard, William
• » Re: Privileges by session - Andre van Winssen
• » RE: Privileges by session - Barun, Vlado
• » Re: Privileges by session - Jared Still
• » Re: Privileges by session - Robert Freeman
• » RE: Privileges by session - Andre van Winssen
• » Re: Privileges by session - Joan Hsieh
• » Re: Privileges by session - Thomas A. La Porte
• » Re: Privileges by session - Michael Fontana
• » Re: Privileges by session - Martin Berger
• » RE: Privileges by session - Upendra N
• » Re: Privileges by session - Martin Bach
• » Re: Privileges by session - Pete Finnigan
• » Re: Privileges by session - Peter Hitchman
• » RE: Privileges by session - Joel.Patterson
• » RE: Privileges by session - Barun, Vlado
• » Re: Privileges by session - Kellyn Pedersen
• » RE: Privileges by session - GovindanK
• » Re: Privileges by session - Pete Finnigan
• » Re: Privileges by session - Yechiel Adar
• » Re: Privileges by session - Jared Still
• » Re: Privileges by session - Yechiel Adar
• » RE: Privileges by session - D'Hooge Freek
• » RE: Privileges by session - Jackie Brock

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page
• » View list details
• » Manage your subscription