Database Security

How to get the following items from Oracle, MS SQL databases? Anyone can gives me the command?

1. All users and passwords (even encrypted)
2. All table names
3. All table privileges

Also, what is security on database that is required when doing audit?
It would be great if you can find a official security checklist.


Thank you!
mawinghoAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
AkenathonConnect With a Mentor Commented:
Please only one question per post. I'm answering the first question for Oracle:

1) select username, password from dba_users
2) select table_name from dba_tables
3) select * from dba_tab_privs
0
 
slightwv (䄆 Netminder)Connect With a Mentor Commented:
Oracle privs are more complicated.

You also have:
Dba_sys_privs, dba_role_privs, role_sys_privs and another or two I can't rember right now.

Audits can cover many areas.  If you are getting ready to go through one, the auditors should provide you with the specifics on what they are looking for.

0
 
johnsoneConnect With a Mentor Senior Oracle DBACommented:
Every auditor is going to look for something different.

I have found that they don't want the results of queries that join things together.  I guess they don't trust that you are not doing something magic in the queries.  Typically, for Oracle, they wanted dumps of DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.  They figured it out from there.

They want the user names and encrypted passwords so they can run a password cracker against them.
0
 
schwertnerConnect With a Mentor Commented:
In addition to the document below try to find on My Oracle Support the following doc:

207959.1
 All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
     1) Alerts
     2) System Privileges
     3) Object Privileges
     4) Users and Roles
     5) User and Tablespace Quotas
     6) Profiles and Resource Limits
     7) Password Management
     8) Connect Internal and Password Files
     9) O/S Authentication
     10) Auditing
     11) Event Triggers
     12) Fine Grained Access Control
     13) Oracle Label Security
     14) Database Vault
     15) Audit Vault
     16) Data Encryption
     17) Security Server
________________________________________

Oracle-20Database-20Security-20F.pdf
0
 
mawinghoAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.