Re: Any bad experiences with SYSDBA and DBA application users?

Re: Any bad experiences with SYSDBA and DBA application users?

 

  

Hi,

with "as sysdba" or with DBA role its possible to get access to the
server using many different possibilities. Do not grant SYSDBA, DBA, ALL
PRIVILEGES or indeed system privileges to application users. The risks
are very high.

There are two good security checklists on my site
http://www.petefinnigan.com/orasec.htm that will give you some good
lists of security issues to check in an Oracle database.

Kind regards

Pete
--
Pete Finnigan (email:[Email address protected]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Oracle LazyDBA home page