To Niall's point, you can do all the due diligence you want but sooner or later you got to break the egg. That being said, the only absolutely sure way to know that no one is using a feature, etc., is to shut it off. Just be sure you have a way to turn it back on in a hurry. Dick Goulet Senior Oracle DBA PAREXEL International 978.313.3426 information transmitted in this communication is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please destroy any copies, contact the sender and delete the material from any computer. ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Niall Litchfield Sent: Friday, November 14, 2008 11:47 AM To: dannorris@xxxxxxxxxxxxx Cc: Oracle L Subject: Re: is it ok to tighten up extproc security? The only trouble of course is when it's used in a custom quarter-end process and the phone rings 2.5 months after the change! Not that I've ever had this experience you understand :( On Fri, Nov 14, 2008 at 2:51 PM, Dan Norris <dannorris@xxxxxxxxxxxxx> wrote: Of course, you could just comment it out and wait for the phone to ring. That's probably what I'd do :). Dan -- Niall Litchfield Oracle DBA http://www.orawin.info