The passwords could be kept in a boxed protected by lead seals and placed in an appropriate safe. The room with the safe would also be a No Lone Zone. I don't think one can trace most compromises of data to the database itself. It gets out when its downloaded to a PC to facilitate charts and then placed on portable media. It gets out when paper reports are improperly handled. Remember when Oracle went dumpster-diving at Microsoft headquarters? Ian MacGregor Stanford Linear Accelerator Center ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx> _____ From: Boivin, Patrice J [mailto:BoivinP@xxxxxxxxxxxxxxxxx] Sent: Wednesday, March 17, 2004 6:30 AM To: 'oracle-l@xxxxxxxxxxxxx' Cc: MacGregor, Ian A. Subject: RE: Database security Importance: Low Er... what happens if one of the two people gets hit by a bus? Just curious. Patrice. -----Original Message----- From: Whittle Jerome Contr NCI [mailto:Jerome.Whittle@xxxxxxxxxxxx] Sent: March 17, 2004 10:14 AM To: oracle-l@xxxxxxxxxxxxx Cc: ian@xxxxxxxxxxxxxxxxx Subject: RE: Database security You'd have to hire guards to shoot anyone entering the No Lone Zone solo. Reminds me of my aircraft maintenance days in the military. Of course the stakes were MUCH higher then. Jerry Whittle ASIFICS DBA NCI Information Systems Inc. jerome.whittle@xxxxxxxxxxxx 618-622-4145 -----Original Message----- From: MacGregor, Ian A. [SMTP:ian@xxxxxxxxxxxxxxxxx] There is also the idea of two-man control. No one is allowed sole access to the machine room. No one knows the entire root/admin or dba password. I know of many places which implement two-man control for physical security, but none that have carried it to the computer security level. It would be so burdensome. Ian MacGregor Stanford Linear Accelerator Center ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx <mailto:ian@xxxxxxxxxxxxxxxxx> >