On Thu, Mar 10, 2011 at 1:07 PM, Guillermo Alan Bort <cicciuxdba@xxxxxxxxx>wrote: > However, I was not worried about attack, not yet at least, I was more > worried about people "legitimately" having the password and using it even > though they are not supposed to. > > Doesn't auditing deal with the sys/app admins who might fall into this category. Other than that I don't see that anyone should legitimately have application passwords. -- Niall Litchfield Oracle DBA http://www.orawin.info