Comments on: The Oracle security debate

By: Zahid Shaikh

Zahid Shaikh — Tue, 08 Apr 2008 14:05:45 +0000

I think financial constraints should not be an excuse for database security. It is a DBA’s responsibility to keep security patches up to date. He needs to make sure that the organization is aware of security risks and potential risks of data loss and hacking. However, I like the idea of by Mr. Seth that software companies should take care of these security patches or any other updates to the software becuase it is very time consuming to apply these patches if you are behind with your patches.

By: Sukaina Anis

Sukaina Anis — Mon, 07 Apr 2008 18:55:02 +0000

Why are patches a must for DBAs? Can’t the database company take the responsilbility of applying patches whenever needed?
Is it not that companies developing softwares for databases should have initially taken care of securing the database? If a user needs a good database, he needs to buy it from a good database company, and the company to earn more does not gives good security options with the bundle, later sells it as patches.
If the user does not uses it he suffers or else he has to empty more from his pocket.
From these given options:
a.) poorly designed software
b.) failure to apply patches and maintain software
c.) lack of financial resources
d.) all of the above
I will strongly select (d).
Regards,

By: Seth Miller

Seth Miller — Fri, 04 Apr 2008 19:10:11 +0000

It’s the same problem we have with trying convince clients to properly swap their tapes out every night to maintain a current backup of the system. If they have gone two, three or even five years without data loss, they no longer see the need to maintain their backups.

I have been trying to convince management that we are seriously lacking security on our servers, but they won’t allocate resources to patch the databases because there is no immediate need. It’s sad to say but most places won’t acknowledge their lack of security until it has already been compromised.