Hi Mark I agree with you Mark, even if its supplied by Oracle technicians - it is as you say possible to by-pass security completely. Does anyone in Oracle check that the field support personnel dispatched to a site ( in urgency ) are dumping data for the owner of it? -
I covered the issue of DUL with regards to security is the SANS Oracle security step-by-step book - action 6.5.1 kind regards Pete In article <[EMAIL PROTECTED]>, Mark Leith <[EMAIL PROTECTED]> writes >One problem I see with giving this away "free" is that you will be supplying >a tool that allows you to extract data from the database, bypassing all >inbuilt security. A BIG "no no". I suppose that also applies to this kind of >tool even under a paid license structure. > -- Pete Finnigan email:[EMAIL PROTECTED] Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
