Oracle Tips by Burleson
Uncovering Security Holes
One of a DBA’s highest security priorities should be to ensure that
no user account can access any storage or database object that
should not be accessed by that user. While identifying such accounts
can get tricky, depending on the complexity of the database, there
are a few general sweeps that should be made from time to time to
uncover potential security holes in a system.
First, check to see that no general users are granted powerful
roles, such as DBA. A query like the dbagranted.sql script can
determine if such is the case:
* dbagranted.sql
-- *************************************************
-- Copyright © 2005 by Rampant TechPress
-- This script is free for non-commercial purposes
-- with no warranties. Use at your own risk.
--
-- To license this script for a commercial purpose,
-- contact info@rampant.cc
-- *************************************************
select
   grantee
from
   sys.dba_role_privs
where
   granted_role = 'DBA'
and
   grantee not in ('SYS','SYSTEM');
The results of this script might look like this example.
GRANTEE
------------------------------
HACKER
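The script above reports only direct grants of the DBA role. The following query is an added example, not part of the book excerpt: it also follows roles granted to other roles, so an account that receives DBA through an intermediate role is listed together with the chain of grants. The aliases h, depth and grant_path are illustrative names.

```sql
-- Added example (not from the original script).
-- Walks sys.dba_role_privs upward from the DBA role:
--   level 1 = grantees holding DBA directly
--   level 2 = grantees of a role that itself holds DBA, and so on.
-- Only grantees that are user accounts (present in sys.dba_users)
-- are reported; intermediate roles appear in grant_path.
select
   h.grantee,
   h.depth,
   h.grant_path
from
   (
   select
      grantee,
      level as depth,
      sys_connect_by_path(granted_role, ' <- ') as grant_path
   from
      sys.dba_role_privs
   start with
      granted_role = 'DBA'
   connect by
      prior grantee = granted_role
   ) h
where
   h.grantee in (select username from sys.dba_users)
and
   h.grantee not in ('SYS','SYSTEM')
order by
   h.depth,
   h.grantee;
```

A row with depth greater than 1 is an account that the direct-grant check would not report.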
The above book excerpt is from:
Oracle Tuning Power Scripts
With 100+ High Performance SQL Scripts
Oracle In-Focus Series
ISBN 0-9744486-7-2
Mike Ault, Donald K. Burleson, Harry Conway
http://www.rampant-books.com/book_2005_1_power_tuning.htm