RE: audit suggestion
- From: William B Ferguson <wbfergus@xxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Mon, 24 Jan 2005 09:49:29 -0700
What could they do to the database with cron that they couldn't already =
do
with the PL/SQL built-in packages that's malicious?
Access to cron is merely a convenience for administrative-type tasks, =
like
moving archive logs, etc. If somebody wanted to schedule malicious code =
to
be run, it would better to utilize the built-in packages to execute it, =
so
the SA's or anybody else, wouldn't discover it until it was to late.
Your auditors failed to understand Oracle, and the advanced aspects of
computers. I'm surprised they didn't apply the same logic to the
keyboards, restricting access to those so the DBA's don't run malicious
code.
------------------------------------------------------------
Bill Ferguson
U.S. Geological Survey - Minerals Information Team
PO Box 25046, MS-750
Denver, Colorado 80225
Voice (303)236-8747 ext. 321 Fax (303)236-4208
~ Think on a grand scale, start to implement on a small scale ~
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx =
[mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of rjamya@xxxxxxxxx
Sent: Monday, January 24, 2005 9:24 AM
To: KATHERINE_KAYLOR@xxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: audit suggestion
At some point you have to trust your DBA, if that is not present, you =
have
bigger problems than cron jobs. auditors lack humor, so don't tell them =
I
said so.
so, if DBA's cannot run it, then unix SA's should run the cron jobs? If
so, do you completely trust your SA? BTW, to heck with cronjob, use
dbms_job, if you want you can still do the damage using dbms_job.
Raj
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
