Re: Would you recommend such an application for production use?
- From: Kellyn Pedersen <kjped1313@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx, rjoralist@xxxxxxxxxxxxxxxxxxxxx
- Date: Thu, 18 Feb 2010 18:05:46 -0800 (PST)
And should we discuss that lovely password security on JDEdwards? I
have worked on three versions of JDEdwards, two companies and one
municipality and all of them could log into each others databases with their
own passwords and pull all the rows from the F09011 table if they wanted...
Default passwords can't be changed per JDE...(at least that's what they tell
everyone... :))
Kellyn Pedersen
Multi-Platform DBA
I-Behavior Inc.
http://www.linkedin.com/in/kellynpedersen
www.dbakevlar.blogspot.com
"Go away before I replace you with a very small and efficient shell script..."
--- On Thu, 2/18/10, Rich Jesse <rjoralist@xxxxxxxxxxxxxxxxxxxxx> wrote:
From: Rich Jesse <rjoralist@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Would you recommend such an application for production use?
To: oracle-l@xxxxxxxxxxxxx
Date: Thursday, February 18, 2010, 7:45 AM
> Same question... would you recommend SAP for production use... I guarantee,
> SAP is a LOT more invasive to the DB than what you describe...
>
> Alan.-
JDEdwards E1 is the opposite -- it's attempt at being DB-agnostic is shown
by it's GRANT ALL ON tablename TO PUBLIC for every table in the DB. At
least that's a nice smoking gun for me to be able to reject any
non-application login to the Production DB (and having management not only
back me up, but encourage me to protect our valuable data!).
IT Devs still get SELECT access via DB link -- and their own TEMP
tablespace. :)
Rich
--
//www.freelists.org/webpage/oracle-l
Other related posts:
