Re: Privileges by session

  • From: Andre van Winssen <dreveewee@xxxxxxxxx>
  • To: jkstill@xxxxxxxxx
  • Date: Fri, 8 Jan 2010 12:23:15 +0100

Hi Jared,

Have you seen auditors actually use tooling to perform password sanity
checks on databases subject to Sarbanes-Oxley, HIPAA, PCI or any number of
other legislated security policies?

I have seen big shops where fancy database compliancy reports, created by
the DBAs, were just about enough to let the auditors say "Ok, compliant!"
Motto: business comes first, security second.

Regards,
Andre



2010/1/7 Jared Still <jkstill@xxxxxxxxx>

>  On Thu, Jan 7, 2010 at 12:21 PM, Blanchard, William <
> wblanchard@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>>  Greetings,
>>
>> I have convinced management to allow me to grant read-only access to the
>> developers.  The problem is that they know the application passwords and
>> have been using those passwords to circumvent my controls.  Is there a way
>> via a
>>
> Is there some reason the obvious solution won't work?
>
> That is, change the passwords.
>
> It would seem the applications in question are not subject to
> Sarbanes-Oxley, HIPAA, PCI or any number of other legislated security
> policies.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
>
