If I had a dollar for every time someone asked me to help them set up their database application or utility to not ‘let someone do something in the database they are not supposed to do’ over the past 10 years, I would literally have about $347.
This is generally how it goes:
Them: We want your tool, but we don’t like that it lets users do X.
Me: Awesome! I want to give you our tool.
Them: Ok, but…
Me: Just revoke the database privilege you are not happy with.
Them: But, that’s not easy.
Me: I can give you what you want, but what if your user just launches SQL*Plus or Access and does it from there?
Them: They aren’t allowed to do that.
Me: So you don’t trust your users, or you trust your users…which one is it?
Oracle gives you privileges and roles for a reason. Use them!
Relying on tools to babysit your users will eventually bite you in the butt. What happens when you keep your kid in the crib for too long? They eventually learn to crawl out. They either hit their head, or get to the magic markers and the leather furniture when you’re not watching.
Keeping the honest people honest is easy. It’s the developers who are desperate for a solution and are smart and savvy enough to find a way around your policies that cause problems. If you secure the database with the database, you will generally be OK. If you really want to scare yourself, check out Black Hat.
But wait, we use triggers to kill sessions from users not logging in with the right app!
The application name and/or module is reported by the client, so it can easily be changed, and Oracle will think the user is logging in with X instead of Y.
Quit arguing with me and please go secure your database. Please.
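The two approaches side by side, as an added example that is not from the original post: a logon trigger that trusts the client-reported module, next to the same restriction enforced with privileges and a role. The names `app_user`, `app_readonly`, `hr.employees`, `ApprovedApp` and `block_unapproved_tools` are constructed for illustration.

```sql
-- WEAK: decide who may connect based on what the client says it is.
-- MODULE is supplied by the client side, so this check only stops
-- people who are not trying to get around it.
CREATE OR REPLACE TRIGGER block_unapproved_tools
AFTER LOGON ON DATABASE
DECLARE
  v_module VARCHAR2(64);
BEGIN
  v_module := SYS_CONTEXT('USERENV', 'MODULE');
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_USER'
     AND NVL(v_module, 'unknown') <> 'ApprovedApp'   -- constructed app name
  THEN
    RAISE_APPLICATION_ERROR(-20001, 'Please connect with the approved application');
  END IF;
END;
/

-- BETTER: take the privilege away in the database, so the answer is the
-- same no matter which tool the user connects with.
REVOKE DELETE ON hr.employees FROM app_user;

CREATE ROLE app_readonly;
GRANT SELECT ON hr.employees TO app_readonly;
GRANT app_readonly TO app_user;

-- CHECK: what can the account actually do, directly or through roles?
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('APP_USER', 'APP_READONLY')
 ORDER BY grantee, owner, table_name, privilege;

SELECT granted_role
  FROM dba_role_privs
 WHERE grantee = 'APP_USER';

SELECT privilege
  FROM dba_sys_privs
 WHERE grantee = 'APP_USER';
```

If the three queries show nothing the user should not have, it no longer matters which client they launch.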
7 Comments
Yes, you are right. And security should also be applied to DBA access in some production environments. Gotta love those ‘secured in the app’ backdoors though to make a DBA’s life for access to those prod systems easier 🙂
I remember it used to be a DBA could get away with murder in the database. Security applies to everyone!
Jeff,
you are really right.
Gary: you can reduce all these signs to just one general-use sign (from playground to electricity to a knife or even a sheet of paper): THINK!
(I often call it ‘use the thing between your ears!’)
Martin, even a broken clock is right 2x a day 🙂 I am going to quote you on this!
You’re 110% right about that assumption. But no DBA should ever think that way, it’s inexcusable!
Do you ever see signs saying “Do not bring a crocodile into the children’s playground”? No. Because no-one has ever tried it. But there is a sign on the electricity substation near us that says, “Do not enter. Danger of DEATH.” because there are people who have tried sneaking into them.
Most businesses apply the same principle to security. They won’t actually put any in place until AFTER someone has stolen something.
Oh, and it’s not actually whether they trust their users. The general assumption is that the users (including developers) can’t do anything that the pointy-haired manager can’t do, and the PHM can’t do anything unless it is made REALLY simple.