Pau Lo
asked on
oracle priveleges
Aside from the DBA role privs set in DBA_ROLE_PRIVS, are there any othe rdefault priveleges that are "high risk" if granted to the wrong person, if so can you provide some other dangerous privelege that we should check for and the types of permissions they would allow to the users to do in your database. I guess DBA role is the highest privelege, as SYS and SYSTEM get it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Never bothered to look it up. I just follow orders... ;)
Even if I had Larry Ellison himself tell our security folks that dbms_random is "safe", I would still have to revoke it.
Looks like someone wrote a book on the subject. From the explanation there, it sounds believable.
https://books.google.com/books?id=KPohQPM8CEYC&pg=PA132&lpg=PA132&dq=security+hole+dbms_random&source=bl&ots=wOGr75Jatk&sig=xrA5hOZsRtqLR-WDukp3yw-Sd-Q&hl=en&sa=X&ei=bNVZVfKcJYKCyQSgh4GACQ&ved=0CB4Q6AEwAA#v=onepage&q=security%20hole%20dbms_random&f=false
Is it "true"? It has to be, I found it on the Internet...
Even if I had Larry Ellison himself tell our security folks that dbms_random is "safe", I would still have to revoke it.
Looks like someone wrote a book on the subject. From the explanation there, it sounds believable.
https://books.google.com/books?id=KPohQPM8CEYC&pg=PA132&lpg=PA132&dq=security+hole+dbms_random&source=bl&ots=wOGr75Jatk&sig=xrA5hOZsRtqLR-WDukp3yw-Sd-Q&hl=en&sa=X&ei=bNVZVfKcJYKCyQSgh4GACQ&ved=0CB4Q6AEwAA#v=onepage&q=security%20hole%20dbms_random&f=false
Is it "true"? It has to be, I found it on the Internet...
ASKER