What could they do to the database with cron that they couldn't already = do with the PL/SQL built-in packages that's malicious? Access to cron is merely a convenience for administrative-type tasks, = like moving archive logs, etc. If somebody wanted to schedule malicious code = to be run, it would better to utilize the built-in packages to execute it, = so the SA's or anybody else, wouldn't discover it until it was to late. Your auditors failed to understand Oracle, and the advanced aspects of computers. I'm surprised they didn't apply the same logic to the keyboards, restricting access to those so the DBA's don't run malicious code. ------------------------------------------------------------ Bill Ferguson U.S. Geological Survey - Minerals Information Team PO Box 25046, MS-750 Denver, Colorado 80225 Voice (303)236-8747 ext. 321 Fax (303)236-4208 ~ Think on a grand scale, start to implement on a small scale ~ -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx = [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of rjamya@xxxxxxxxx Sent: Monday, January 24, 2005 9:24 AM To: KATHERINE_KAYLOR@xxxxxxxxxx Cc: oracle-l@xxxxxxxxxxxxx Subject: Re: audit suggestion At some point you have to trust your DBA, if that is not present, you = have bigger problems than cron jobs. auditors lack humor, so don't tell them = I said so. so, if DBA's cannot run it, then unix SA's should run the cron jobs? If so, do you completely trust your SA? BTW, to heck with cronjob, use dbms_job, if you want you can still do the damage using dbms_job. Raj -- //www.freelists.org/webpage/oracle-l -- //www.freelists.org/webpage/oracle-l