Trusted Oracle is very much like regular Oracle. Most of the
security actually comes from the OS. That being said it does have
row level security so you have to match or superseed the privilage
that the row has to see the row but sys has the ability to change
to the higher level and you install Oracle at the higher level. So
you still can't do a thing.
That being said, I remember trying to mount a CD for the first
time on Trusted HP. What a laugh. Whatever you do using the
regular OS add two steps. No docos and no sys admin that day.
Almost gave up.
-----Original Message-----
Sent: Friday, August 24, 2001 2:26 AM
To: Multiple recipients of list ORACLE-L
I have no direct experience of this on Oracle, but I do know that
trusted operating systems make it possible to prevent the sysadmin from
reading files. They can be backed up to tape and restored, but they
couldn't be opened by a regular process such as a text editor without
the operating system intervening to prevent it. Some systems are pretty
cool, they will even check security before letting you cut and paste
between windows, if the applications are running at different privilege
levels. Does Trusted Oracle do this?
But I agree, it's a matter of trusting your DBA. You trust your doctor
and your priest, right?
g
-----Original Message-----
Sent: Thursday, August 23, 2001 6:01 PM
To: Multiple recipients of list ORACLE-L
This has been discussed before, I'll try to summarize it as I remember.
Sure, you could put triggers, turn on auditing, whatever. But the DBA
by nature of his job function, can disable, remove, whatever you turn
on.
So it basically comes down to trusting your DBA, or getting a new DBA.
> -----Original Message-----
> From: Dave Leach [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 11:56 AM
> To: Multiple recipients of list ORACLE-L
> Subject: How do you audit a DBA?
>
>
> Anyone who can help,
>
> I've been asked if Oracle can somehow audit the DBA ie. Raise
> an alert if
> the DBA were to execute DML statements against sensitive tables, this
> assumes the DBA has the SYS password. I thought this was a pretty
> reasonable question but couldn't think of an answer. My
> trail of though was
> maybe an email alert to a designated member of staff sent via
> a trigger on
> the table.
>
> Any comments would be very appreciated.
>
> Dave Leach
>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Anderson, Brian
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Guy Hammond
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Kimberly Smith
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
