Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Database Security

Posted on 2011-02-21
5
Medium Priority
?
360 Views
Last Modified: 2012-05-11
How to get the following items from Oracle, MS SQL databases? Anyone can gives me the command?

1. All users and passwords (even encrypted)
2. All table names
3. All table privileges

Also, what is security on database that is required when doing audit?
It would be great if you can find a official security checklist.


Thank you!
0
Comment
Question by:mawingho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 11

Accepted Solution

by:
Akenathon earned 500 total points
ID: 34943887
Please only one question per post. I'm answering the first question for Oracle:

1) select username, password from dba_users
2) select table_name from dba_tables
3) select * from dba_tab_privs
0
 
LVL 77

Assisted Solution

by:slightwv (䄆 Netminder)
slightwv (䄆 Netminder) earned 500 total points
ID: 34946122
Oracle privs are more complicated.

You also have:
Dba_sys_privs, dba_role_privs, role_sys_privs and another or two I can't rember right now.

Audits can cover many areas.  If you are getting ready to go through one, the auditors should provide you with the specifics on what they are looking for.

0
 
LVL 35

Assisted Solution

by:johnsone
johnsone earned 500 total points
ID: 34952126
Every auditor is going to look for something different.

I have found that they don't want the results of queries that join things together.  I guess they don't trust that you are not doing something magic in the queries.  Typically, for Oracle, they wanted dumps of DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.  They figured it out from there.

They want the user names and encrypted passwords so they can run a password cracker against them.
0
 
LVL 48

Assisted Solution

by:schwertner
schwertner earned 500 total points
ID: 34952656
In addition to the document below try to find on My Oracle Support the following doc:

207959.1
 All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault
     1) Alerts
     2) System Privileges
     3) Object Privileges
     4) Users and Roles
     5) User and Tablespace Quotas
     6) Profiles and Resource Limits
     7) Password Management
     8) Connect Internal and Password Files
     9) O/S Authentication
     10) Auditing
     11) Event Triggers
     12) Fine Grained Access Control
     13) Oracle Label Security
     14) Database Vault
     15) Audit Vault
     16) Data Encryption
     17) Security Server
________________________________________

Oracle-20Database-20Security-20F.pdf
0
 

Author Closing Comment

by:mawingho
ID: 34977049
thanks
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Access is a place to store data within tables and represent this stored data using multiple database objects such as in form of macros, forms, reports, etc. After a MS Access database is created there is need to improve the performance and…
In this article, I’ll look at how you can use a backup to start a secondary instance for MongoDB.
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question