> dba is disabled on production once it's deployed. Furthermore there is
> never a need for the schema owner or dba to have an account in your
> application. So again, you're trying to argue against Oracle and SQL
> security, which should be directed elsewhere.
>
Let me get this straight. You're saying there is no login to your
database that has access to your schema? I find that hard to believe.
How would you ever deploy updates to the schema if that was the case?
Further, I am not arguing for or against built-in database security. I
was simply stating that what you are doing is wasted effort.
> But in summary, in your opinion there is no way to secure an
> application. The OS can't be secured, the server can't be secured nor
> the database. All the ideas and discussion in this thread are
> pointless.
>
I never stated that or even implied that. I am only pointing out which
security practices are wastes of time since they are ineffective.
> Although you have no suggestions of your own..... but you are speaking
> on CF Security at CFUN?
>
Maybe you misread my post. I stated that suggestions alone don't
help anyone until they understand some general security concepts. I
don't see a mailing list as a proper forum for sharing that
information, so all I can do is point out what is wrong with the
suggestions made. For those people that are interested in the subject,
I do think they should attend my talk since it is a proper forum for
sharing the type of information needed to attack security efficiently
and successfully.
-Matt

