• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

Database Security

How to get the following items from Oracle, MS SQL databases? Anyone can gives me the command?

1. All users and passwords (even encrypted)
2. All table names
3. All table privileges

Also, what is security on database that is required when doing audit?
It would be great if you can find a official security checklist.


Thank you!
0
mawingho
Asked:
mawingho
4 Solutions
 
AkenathonCommented:
Please only one question per post. I'm answering the first question for Oracle:

1) select username, password from dba_users
2) select table_name from dba_tables
3) select * from dba_tab_privs
0
 
slightwv (䄆 Netminder) Commented:
Oracle privs are more complicated.

You also have:
Dba_sys_privs, dba_role_privs, role_sys_privs and another or two I can't rember right now.

Audits can cover many areas.  If you are getting ready to go through one, the auditors should provide you with the specifics on what they are looking for.

0
 
johnsoneSenior Oracle DBACommented:
Every auditor is going to look for something different.

I have found that they don't want the results of queries that join things together.  I guess they don't trust that you are not doing something magic in the queries.  Typically, for Oracle, they wanted dumps of DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.  They figured it out from there.

They want the user names and encrypted passwords so they can run a password cracker against them.
0
 
schwertnerCommented:
In addition to the document below try to find on My Oracle Support the following doc:

207959.1
 All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
     1) Alerts
     2) System Privileges
     3) Object Privileges
     4) Users and Roles
     5) User and Tablespace Quotas
     6) Profiles and Resource Limits
     7) Password Management
     8) Connect Internal and Password Files
     9) O/S Authentication
     10) Auditing
     11) Event Triggers
     12) Fine Grained Access Control
     13) Oracle Label Security
     14) Database Vault
     15) Audit Vault
     16) Data Encryption
     17) Security Server
________________________________________

Oracle-20Database-20Security-20F.pdf
0
 
mawinghoAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now