RE: Any bad experiences with SYSDBA and DBA application users?

when developers use IDs that can bypass security, they tend to build
applications that way too.

this creates a situation where the application itself (or the users using
it) also needs many more privs than necessary - or security on the schema
objects is reduced (e.g. grant all to public).

once an application is in prod it can be very difficult to fix these kinds
of security breaches

security is relatively cheap to implement early

good luck,

steve

"Darren Pilkington "
<oracledba-ezmlmshield-x24751731.[Email address protected]
10/28/2004 09:00 PM


To: "LazyDBA Discussion" <[Email address protected]
cc:
Subject: RE: Any bad experiences with SYSDBA and DBA application users?


Prior to implementing any new systems or system changes we require the
developers to provide a list of the tables / objects etc. and a list of
roles and the specific privileges that they should be assigned, down to
column level if required.
We will never let through any changes without this. sysdba, as the name
implies, is for DBAs only and is to be used in the course of maintaining a
reliable, secure database.

Security is always the first priority.
We never assign specific privileges to individual users. Only roles to
users - it makes maintenance far easier.

Good luck,

Darren Pilkington
Database Administrator

Tattersall's Database Administration


-----Original Message-----
From: Alex Bacon
[mailto:oracledba-ezmlmshield-x70508787.[Email address protected]
Sent: Friday, 29 October 2004 8:28am
To: LazyDBA Discussion
Subject: Any bad experiences with SYSDBA and DBA application users?


We are trying to persuade the application developers to NOT use sysdba
and dba privileges for the application users. Has anyone got a set of
reasons / bad experiences for why they shouldn't have it?

Cheers,

Alex


--------
website: http://www.LazyDBA.com
Please don't reply to RTFM questions
Oracle documentation is here: http://tahiti.oracle.com
To unsubscribe: see http://www.lazydba.com/unsubscribe.html
To subscribe: see http://www.lazydba.com
By using this list you agree to these terms:http://www.lazydba.com/legal.html
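The roles-only process Darren describes, and the "grant all to public" shortcut Steve warns about, in Oracle SQL as an added example (not code from anyone in the thread). The schema, user, role and table names (APP_OWNER, APP_USER, APP_ORDER_ROLE, ORDERS, CUSTOMERS) and the column list are hypothetical; the data-dictionary views used are standard.

```sql
-- Hypothetical names (APP_OWNER, APP_USER, APP_ORDER_ROLE, ORDERS,
-- CUSTOMERS) for illustration only; adapt to the objects the developers list.

-- 1. Least-privilege grants: a role carrying exactly the object privileges
--    the developers asked for, including a column-level UPDATE.
CREATE ROLE app_order_role;
GRANT SELECT, INSERT ON app_owner.orders               TO app_order_role;
GRANT SELECT ON app_owner.customers                    TO app_order_role;
GRANT UPDATE (status, updated_at) ON app_owner.orders  TO app_order_role;

-- The application account gets the role, never DBA or SYSDBA, plus only
-- the system privilege a session actually needs.
CREATE USER app_user IDENTIFIED BY "change_me_placeholder"
  DEFAULT TABLESPACE users QUOTA 0 ON users;
GRANT CREATE SESSION TO app_user;
GRANT app_order_role TO app_user;

-- 2. Review queries a DBA can run before sign-off to catch the patterns
--    discussed in the thread.

-- Which accounts other than SYS/SYSTEM hold the DBA role?
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
   AND grantee NOT IN ('SYS', 'SYSTEM')
 ORDER BY grantee;

-- Who can connect AS SYSDBA / SYSOPER via the password file?
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- Object privileges handed to PUBLIC on application schemas
-- (the "grant all to public" shortcut).
SELECT owner, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY owner, table_name, privilege;

-- Direct (non-role) object grants to the application account, which a
-- roles-only policy disallows; expect this to return no rows.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'APP_USER'
 ORDER BY owner, table_name;
```

The PUBLIC query excludes SYS-owned objects because many SYS packages are legitimately granted to PUBLIC; what should stand out is application-schema tables appearing there.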