Re: FLASHBACK ANY TABLE
- From: MARK BRINSMEAD <mark.brinsmead@xxxxxxxxx>
- To: Kumar Madduri <ksmadduri@xxxxxxxxx>
- Date: Wed, 18 Mar 2015 11:30:00 -0400
*sigh*.
Yeah. I know that feeling, too. All too well.
On the plus side, if the directors have approved this -- over your
objections -- it will be (somewhat) more difficult for them to blame *you*
for the disasters that eventually arise from it.
Good luck!
On Wed, Mar 18, 2015 at 10:56 AM, Kumar Madduri <ksmadduri@xxxxxxxxx> wrote:
> Thanks Mark. I have raised those points as well with my manager.
> The problem is the developers get approvals from 'directors' who think
> they are technical and don't like to be questioned by the DBAs. I still do
> and get in to bad books :)
>
> On Wed, Mar 18, 2015 at 7:21 AM, MARK BRINSMEAD <mark.brinsmead@xxxxxxxxx>
> wrote:
>
>> Security considerations aside (and they *are* completely valid
>> considerations), you should probably talk to the developers and find out
>> exactly what they are thinking, and WHY they think the need to be able to
>> flashback tables.
>>
>> Is this a feature that they plan to rely on in their code? Do they
>> understand that it is not guaranteed to work? (It will fail if you don't
>> have enough UNDO on hand to reach the requested SCN.) Do they have a plan
>> for dealing with it when it *does* fail? Have they considered how this
>> might affect concurrency?
>>
>> Your developers may be rock-solid and know exactly what they are doing
>> and why they are doing it. In my own experience, though, I have rarely
>> (but sometimes!) found that to be the case. :-)
>>
>>
>> On Wed, Mar 18, 2015 at 8:09 AM, Brent Day <coloradodba@xxxxxxxxx> wrote:
>>
>>> Kumar,
>>>
>>> You are right - this is a security risk and my recommendation would be
>>> to never grant any "ANY" system privileges. There have been many easily
>>> exploitable privilege escalations bugs around the "ANY" grants. While many
>>> of these have been fixed provided you keep up with CPU/PSU patching. The
>>> flashback any privilege in the past had problems - see CVE-2012-1751. While
>>> this has been fixed you just never know when some patch or upgrade may
>>> break this again.
>>>
>>> As a general rule we do not allow any user or application account to
>>> have any of the ANY system privileges.
>>>
>>> If I was in your position I would get with the developers and find out
>>> what they are trying to accomplish and maybe find an alternative method to
>>> meet the requirements without granting flashback any.
>>>
>>> Hope that helps.
>>>
>>> Brent
>>>
>>>
>>>
>>> On Wed, Mar 18, 2015 at 5:50 AM, Kumar Madduri <ksmadduri@xxxxxxxxx>
>>> wrote:
>>>
>>>> Hello:
>>>> Our developers have requested flashback any table to be given to apps
>>>> (in an ebusiness environment). They would not have the apps password in
>>>> production. I think they are using it to build some feature in a custom
>>>> app.
>>>> Regardless of their motivation, I think this is a security risk because
>>>> why would a developer want this privilege in a production environment.
>>>>
>>>> I cant think like a hacker but it does not sound right to me.
>>>> Want to confirm with the list if I am missing something ?
>>>>
>>>> Thank you
>>>> Kumar
>>>>
>>>
>>>
>>
>
Other related posts:
