Re: audit suggestion

  • From: tboss@xxxxxxxxxxxxxxxxxx
  • To: wbfergus@xxxxxxxx
  • Date: Mon, 24 Jan 2005 11:57:13 -0500 (EST)

Did they shut off access to "at" as well?  Otherwise, I could run "at"
jobs all day long and not care about cron.

Definitely some short sightedness going on at your organization.
Perhaps some simple education into Unix operations is in order
for your auditors/management.


> What could they do to the database with cron that they couldn't already =
> do
> with the PL/SQL built-in packages that's malicious?
> Access to cron is merely a convenience for administrative-type tasks, =
> like
> moving archive logs, etc. If somebody wanted to schedule malicious code =
> to
> be run, it would better to utilize the built-in packages to execute it, =
> so
> the SA's or anybody else, wouldn't discover it until it was to late.
> Your auditors failed to understand Oracle, and the advanced aspects of
> computers. I'm surprised they didn't apply the same logic to the
> keyboards, restricting access to those so the DBA's don't run malicious
> code.

Other related posts: