The reasoning behind the utilization of sys, sysdba or system accounts
by developers used to escape me, until I realized that the developers
who utilize coding methodologies encompassing the use of powerful
system accounts are simply uneducated in prudent
secure coding methodologies, and are generally lazier than LazyDBAs!!!
(Just kidding, nothing is more slothful than a lazy developer).
I absolutely have never permitted the use of sysdba granted, or
sys/system accounts in our shop. When I run into bad developer coding
practices at my clients, I enumerate the transgressions, and flee! My
Errors and Omissions Insurance does not cover the stupidity evidenced
by application level use of sysdba granted UIDs.
You should peruse, in detail, if you haven't already, the database
security pages at MetaLink. But, in the meantime, anecdotally, I have
witnessed the dropping of db objects to time bomb style code inserts by
developers who become disgruntled. This is a mighty short list, however,
if this is going on in your organization, I would go to the top ASAP and
spill your guts.
---
Marc
> -------- Original Message --------
> Subject: Any bad experiences with SYSDBA and DBA application users?
> From: "Alex Bacon"
> <oracledba-ezmlmshield-x70508787.[Email address protected]
> Date: Thu, October 28, 2004 3:27 pm
> To: "LazyDBA Discussion" <[Email address protected]
>
> We are trying to persuade the application developers to NOT use sysdba
> and dba privileges for the application users. Has anyone got a set of
> reasons / bad experiences for why they shouldn't have it?
>
> Cheers,
>
> Alex