RE: Using DD to Read Data from Oracle Datafiles

• From: "Mark W. Farnham" <mwf@xxxxxxxx>
• To: <Mark.Bobak@xxxxxxxxxxxxxxx>, <kevinc@xxxxxxxxxxxxx>, "'freelists'" <oracle-l@xxxxxxxxxxxxx>
• Date: Thu, 8 Feb 2007 21:04:40 -0500

While I agree, in some corners this runs into the whole Sarbanes Oxley
catastrophe where the folks who facilitated the apparently false financial
reports of Enron are amongst the beneficiaries of the CPA consultant full
employment act to make life miserable to the most honest and honorable rank
and file group of people on the planet (DBA/sysadmins).

 

So then the game shifts to "how can we prevent the DBAs and sysadmins from
discerning real data?"

 

I am not claiming to know a good universal answer. Starting by hiring Dirty
Harry as your HR director wouldn't be a bad start though.

 

I'd wink, but the overhead to American business is so sad it nearly brings
me to tears.

 

mwf

 

  _____  

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Bobak, Mark
Sent: Thursday, February 08, 2007 4:13 PM
To: kevinc@xxxxxxxxxxxxx; freelists
Subject: RE: Using DD to Read Data from Oracle Datafiles

 

Kevin makes a fair point.  I don't know about other shops, but our
production database servers are dedicated to being database servers.  The
only users who are given logins are sysadmin and dba.  I can't think of any
valid reason that anyone else would need login access on a production
database server.  If you limit the users who have access to the servers at
all, then you really don't have to worry about the myriad of possible local
attacks.

 

-Mark

 

--

Mark J. Bobak

Senior Oracle Architect

ProQuest Information & Learning

There is nothing so useless as doing efficiently that which shouldn't be
done at all.  -Peter F. Drucker, 1909-2005

 

 

  _____  

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Kevin Closson
Sent: Thursday, February 08, 2007 4:00 PM
To: freelists
Subject: RE: Using DD to Read Data from Oracle Datafiles

If you are worried about a user getting to the dd(1) command, you should
probably worry about then compiling C (libc), or having shell access at all,
no?

 

  _____  

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of rjamya
Sent: Thursday, February 08, 2007 12:39 PM
To: naqimirza@xxxxxxxxx
Cc: Oracle-L @ freelists.org
Subject: Re: Using DD to Read Data from Oracle Datafiles

 

So, 

You can make sure that
1. any normal user can't get to the raw (or cooked) datafiles.
2. They don't have access to 'dd' command

in addition to whatever else that you are doing.



 

• Follow-Ups:
  • Re: Using DD to Read Data from Oracle Datafiles
    • From: Tim Gorman

• References:
  • RE: Using DD to Read Data from Oracle Datafiles
    • From: Bobak, Mark

Other related posts:

• » Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » RE: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles
• » Re: Using DD to Read Data from Oracle Datafiles

1. Home
2. oracle-l
3. Archive
4. 02-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---