Quoting rjamya <rjamya@xxxxxxxxx>: > > You can make sure that > 1. any normal user can't get to the raw (or cooked) datafiles. > 2. They don't have access to 'dd' command > > in addition to whatever else that you are doing. > > rjamya > > On 2/7/07, Naqi Mirza <naqimirza@xxxxxxxxx> wrote: > > > > Thanks Steve, the files will be offline and one of the main purposes of > > this is to show that data, can be read out of an oracle datafile by a > > malicious user (sure specifying the count and skip could take some doing > by > > a hacker, but its still possible). Even with vpd and label security the > dba > > (the insider threat) could still get access to this data. This is one of > the > > reasons of pushing the use of TDE at a site - need to check and confirm if > > this same information is encrypted in the datafiles. > > Thanks. Ins't all this precisely what OS restricted shells were created for? Or has everyone forgotten about them? -- Cheers Nuno Souto from windy Sydney -- //www.freelists.org/webpage/oracle-l