Re: Security audit of Oracle databases

  • From: stephen booth <stephenbooth.uk@xxxxxxxxx>
  • To: "Paula_Stankus@xxxxxxxxxxxxxxx" <Paula_Stankus@xxxxxxxxxxxxxxx>
  • Date: Mon, 11 Apr 2005 17:38:34 +0100

On Apr 11, 2005 5:27 PM, Paula_Stankus@xxxxxxxxxxxxxxx
<Paula_Stankus@xxxxxxxxxxxxxxx> wrote:
>  
> Why not come up with an algoritm instead of writing them down?

I'm not 100% sure what you mean by that.  If you mean some sort of
system for working out what the password is then surely that would be
a huge security hole as anyone who knew the system could then access
any of your databases and you probably wouldn't know.

If they're on a piece of paper in a sealed envelope in a safe then
you've got a better chance of finding out as they'd firstly have to
get into the safe and then would have to open the envelope so making
their tampering evident.  Where I've worked where this system was
inplace the passwords for the databases on each machine were written
onto a sheet of paper, along with the OS passwords, which was put into
an envelope (one envelope per machine with the machine name on it). 
The envelope was then sealed and signed accross the seal by the person
who had put the passwords in and piece of sticky tape then put accross
the signature.  The envelopes were then put into a safe.   If the
envelope was opened it would be obvious at a glance.

Stephen

-- 
It's better to ask a silly question than to make a silly assumption.
--
//www.freelists.org/webpage/oracle-l

Other related posts: