Results 1 to 5 of 5
  1. #1
    Join Date
    Apr 2015
    Posts
    1

    Unanswered: best way to implement security in Oracle database

    Hi all. I want to know the best way to secure our database if any unauthorized/readonly admin one got the password of the other admin.
    1.By implementing two way authentication.
    2.By create separate database for each admin
    3.If any other then please suggest.

  2. #2
    Join Date
    Aug 2003
    Location
    Where the Surf Meets the Turf @Del Mar, CA
    Posts
    7,776
    Provided Answers: 1
    >1.By implementing two way authentication.
    how do you do above with Oracle database?
    You can lead some folks to knowledge, but you can not make them think.
    The average person thinks he's above average!
    For most folks, they don't know, what they don't know.
    Good judgement comes from experience. Experience comes from bad judgement.

  3. #3
    Join Date
    Jun 2004
    Location
    Liverpool, NY USA
    Posts
    2,509
    If the other admin gets the password of the first admin take two actions.
    1) fire the other admin for hacking
    2) first the first admin for stupidly
    Bill
    You do not need a parachute to skydive. You only need a parachute to skydive twice.

  4. #4
    Join Date
    Jun 2004
    Posts
    796
    Provided Answers: 1
    How will having two separate databases stop the admins from signing in to both of them if they know the passwords?
    90% of users' problems can be resolved by punching them - the other 10% by switching off their PCs.

  5. #5
    Join Date
    Oct 2002
    Location
    Cape Town, South Africa
    Posts
    253
    I'll suggest option 3.

    I think Oracle Auditing is your friend here. We have successfully caught an employee using the sys account via an Oracle hack by using the auditing features in conjunction with other tools.

    We enabled auditing on the logon/off and then used a cron job that ran every few seconds to email the security admin when a record was found. We could not prevent users from using the DB, but we could get notified when someone did something that was way out of line.

    I think you can do the same by reviewing the IP address of the access, or the client username (as apposed to the Oracle one).

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •