RE: ODBC and database security
- From: "Duret, Kathy" <kduret@xxxxxxxxxxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Fri, 3 Dec 2004 13:18:31 -0600
Amen to that! We have that all over here.
Then when you try to change your password all these rogue
reports/macros/excel things break and they all blame you......
I am going through a migration now and am going through this right now.
Kathy Duret
-----Original Message-----
From: Post, Ethan [mailto:Ethan.Post@xxxxxx]
Sent: Friday, December 03, 2004 12:12 PM
To: Kip.Bryant@xxxxxxxxxx; Meenakshi.Aggarwal@xxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: RE: ODBC and database security
You should be aware that program such as MS Access and such frequently
store the user name/passwords in the connect strings in plain text.
Programs such as Access can be very valuable in the hands of the right
user for reporting, moving data etc...however, all too often it ends up
in the hands of very evil users who write really weird macros which do
things like put your entire 20GB database in an Excel file every night.=20
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of
Kip.Bryant@xxxxxxxxxx
Sent: Friday, December 03, 2004 11:54 AM
To: Meenakshi.Aggarwal@xxxxxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: ODBC and database security
IMHO the real security issue is with the oracle client install. Sorry
if the
following is too obvious... You need to be certain that the DBA
utilities are=20
never installed and that the sqlnet config can't be changed so as to
avoid=20
system probing. And everyone has changed all default passwords, right?
;-)
Then the remaining issue would be account administration...what your
password=20
controls are...(length, content, expiration, sharing of accounts...).
Kip
|Hi All,
|Can anybody share what are database security issues when using ODBC
(set up
|on client PCs).
|Thanks
|--
|//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
This transmission contains information solely for intended recipient and may
be privileged, confidential and/or otherwise protect from disclosure. If
you are not the intended recipient, please contact the sender and delete all
copies of this transmission. This message and/or the materials contained
herein are not an offer to sell, or a solicitation of an offer to buy, any
securities or other instruments. The information has been obtained or
derived from sources believed by us to be reliable, but we do not represent
that it is accurate or complete. Any opinions or estimates contained in
this information constitute our judgment as of this date and are subject to
change without notice. Any information you share with us will be used in
the operation of our business, and we do not request and do not want any
material, nonpublic information. Absent an express prior written agreement,
we are not agreeing to treat any information confidentially and will use any
and all information and reserve the right to publish or disclose any
information you share with us.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
