Eye on Oracle

Jul 4 2007   11:35PM GMT

Database security bloopers

Ken Cline

As we reported last week, a new survey shows that IT security pros have a “disturbing lack of confidence” in the ability of organizations to use sensitive information securely.

The survey looked at the data privacy and data protection concerns of 1,000 IT security workers and compliance professionals. It found that many see the potential for disastrous data loss and feel that their organizations aren’t equipped to deal with the risk. Well-known Oracle blogger and consultant Peter Finnigan agreed, saying “my experience [with] users of Oracle databases and database users in general is that databases tend to not be securely deployed. They are better than they have been in recent years but still not where they should be in terms of protecting data.”

Frankly, it’s hard for me to believe that DBAs aren’t already doing all they can to protect their data assets. If not, why not? The years of warnings haven’t been enough? The multiple and expensive break-ins didn’t jar you into action? Don’t think it can happen to you? You think your data isn’t all that valuable? Just plain lazy?

If you are an experienced DBA or a consultant, send me the worst (and/or funniest) security nightmares you’ve seen and we’ll post the most horrifying here in the blog (anonymously, of course). Come across a company using SCOTT/TIGER as their admin login? We want to hear about it!

Have a good holiday week,

1  Comment on this Post

  • anon
    Most places I've worked aren't even on a (sub) version of Oracle that allows the latest CPUs to be installed. I don't think it is a DBA problem. It's a (senior) management problem, who don't consider security a priority. Unfortunately security is measured by what doesn't happen. No-one is going to say to a DBA "Congratulations, no-one stole data from us this year. Here's a 10% pay rise." Instead they say "Great, we reduced the number of days the database was down for maintenance by 5%."