The application needs the minimum permissions to do what it needs. Anything
extra is a security hole that can be exploited. In our shop (since we don't
delete records for business reasons) the only privileges granted areconnect,
select, update and insert. The app doesn't need more than that so it the
generic app user gets nothing more.

Bastien



----- Original Message -----
From: "Alex Bacon "
<oracledba-ezmlmshield-x70508787.[Email address protected]
To: "LazyDBA Discussion" <[Email address protected]
Sent: Thursday, October 28, 2004 6:27 PM
Subject: Any bad experiences with SYSDBA and DBA application users?


> We are trying to persaude the application developers to NOT use sysdba
> and dba privileges for the application users. Has anyone got a set or
> reasons / bad experiences for why they shouldn't have it?
>
> Cheers,
>
> Alex
>
>
> --------
> website: http://www.LazyDBA.com
> Please don't reply to RTFM questions
> Oracle documentation is here: http://tahiti.oracle.com
> To unsubscribe: see http://www.lazydba.com/unsubscribe.html
> To subscribe: see http://www.lazydba.com
> By using this list you agree to these
terms:http://www.lazydba.com/legal.html
>



Oracle LazyDBA home page