   Pete Finnigan's Oracle Security Forum
   Author  Topic: dba role through indirect membership  (Read 1412 times)
robotto
« on: Nov 17th, 2010, 3:17pm »

Hi Pete,
 
I have recently performed an audit on an Oracle database using Squirrel. I have noted that all users have indirectly adopted the DBA role via another role. How severe is this if what can be performed by users is controlled by the application? Secondly, what parameter can be set on Oracle to negate a direct connection to the database, i.e. bypass the normal route of access such as the application?
 
Thanks,
Stephen
gamyers
« Reply #1 on: Nov 19th, 2010, 3:59am »

If the application is a web application, then you are best off with a firewall style lockout that prevents connections to the database from machines other than the application server.
 
Within Oracle a similar effect can be achieved using SQLNET.ora settings: http://download.oracle.com/docs/cd/B28359_01/network.111/b28317/sqlnet.htm#CIHJDJII
 
I'd suggest putting an AUDIT on use of the DBA role and if, after a week, the audit trail doesn't indicate it is necessary then REVOKE the role.
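An added example, not part of the thread: one way to carry out the audit-then-revoke approach suggested in the reply above, starting from a query that shows which role chain hands DBA to each user. It assumes access to the DBA_ dictionary views and, for the audit policy, Oracle 12c or later with unified auditing (newer than the release this thread discusses); the policy name dba_role_use_pol and the role APP_USER_ROLE are hypothetical.

```sql
-- 1. List every database user that ends up holding DBA, with the chain of
--    role grants that delivers it. depth = 1 is a direct grant; depth > 1
--    means DBA arrives through one or more intermediate roles.
SELECT p.grantee AS username,
       p.depth,
       p.grant_path
FROM  (SELECT grantee,
              LEVEL AS depth,
              'DBA' || SYS_CONNECT_BY_PATH(grantee, ' -> ') AS grant_path
       FROM   dba_role_privs
       START  WITH granted_role = 'DBA'
       CONNECT BY NOCYCLE granted_role = PRIOR grantee) p
JOIN   dba_users u ON u.username = p.grantee
ORDER  BY p.depth, p.grantee;

-- 2. Record use of the system privileges granted directly to the DBA role
--    (unified auditing, Oracle 12c or later; policy name is hypothetical).
CREATE AUDIT POLICY dba_role_use_pol ROLES dba;
AUDIT POLICY dba_role_use_pol;

-- 3. After the observation period, see which accounts actually relied on
--    a DBA privilege, and for what.
SELECT dbusername,
       system_privilege_used,
       action_name,
       COUNT(*)             AS uses,
       MAX(event_timestamp) AS last_used
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%DBA_ROLE_USE_POL%'
GROUP  BY dbusername, system_privilege_used, action_name
ORDER  BY uses DESC;

-- 4. If nothing legitimate depends on it, remove DBA from the intermediate
--    role found in step 1 (APP_USER_ROLE is a hypothetical placeholder),
--    which removes it from every user holding that role.
REVOKE dba FROM app_user_role;

-- 5. Stop auditing and drop the policy once the review is complete.
NOAUDIT POLICY dba_role_use_pol;
DROP AUDIT POLICY dba_role_use_pol;
```

Run step 4 only after the step 3 results have been reviewed against what the application actually needs; any privilege the application does rely on can be granted individually to the intermediate role instead of DBA.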