Re: Security audit of Oracle databases

That would be nice for personal use.
So is Password Safe, which I use personally.
http://passwordsafe.sourceforge.net/

Neither is suitable for enterprise use however.

Here are some entreprise level requirements.

* multiple users, each with their own authentication
* auditing of password usage
* role or group based security for password access
( ie. help desk folks probably don't need access to Oracle passwords )

Jared

On 4/11/05, rjamya <rjamya@xxxxxxxxx> wrote:
> 
> keepass (http://keepass.sourceforge.net/) product works like a charm
> to share passwords. and it is free. and all it needs is a exe file.
> No auditing though because it cannot trust teh weakest link ... the
> human.
> 
> Raj
> 
> On Apr 11, 2005 11:12 AM, Jared Still <jkstill@xxxxxxxxx> wrote:
> > On 4/11/05, stephen booth <stephenbooth.uk@xxxxxxxxx> wrote:
> > >
> > >
> > > All important
> > > passwords should be recorded and stored somewhere safe (a piece of
> > > paper in an offsite secure location (e.g. where you keep your
> > > disaster recovery backups). BTW, of those 5 examples of why a DBA
> >
> > I will disagree with storing passwords on paper. It is extremely 
> cumbersome
> > and quite unworkable. We tried it, it doesn't work. There are a few
> > commercial
> > password safes available, some appear quite good, and allow limited 
> access
> > and auditing of password usage.
> >
> > --
> > Jared Still
> 



-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l

Other related posts: