ThatJeffSmith

RANT: Database Security Should Be Handled by the Database

If I had a dollar for every time someone asked me to help them set up their database application or utility to not ‘let someone do something in the database they are not supposed to do’ over the past 10 years, I would literally have about $347.

This is generally how it goes:

Them: We want your tool, but we don’t like that it lets users do X.
Me: Awesome! I want to give you our tool.
Them: Ok, but…
Me: Just revoke the database privilege you are not happy with.
Them: But, that’s not easy.
Me: I can give you what you want, but what if your user just launches SQL*Plus or Access and does it from there?
Them: They aren’t allowed to do that.
Me: So you don’t trust your users, or you trust your users…which one is it?

Oracle gives you privileges and roles for a reason, use them!

Relying on tools to babysit your users will eventually bite you in the butt. What happens when you keep your kid in the crib for too long? They eventually learn to crawl out. They either hit their head, or get to the magic markers and the leather furniture when you’re not watching.

Keeping the honest people honest is easy. It’s the developers who are desperate for a solution and are smart and savvy enough to find a way around your policies that cause problems. If you secure the database with the database, you will generally be OK. If you really want to scare yourself, check out Black Hat.

But wait, we use triggers to kill sessions from users not logging in with the right app!

You can easily change the application name and/or module, and Oracle will think the user is logging in with X instead of Y.
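The contrast described above, as an added example that is not from the original post: a logon trigger that trusts the client-reported program name, next to the same restriction enforced with a role and privileges. Every schema, table, role, user and program name in it (HR_APP, ORDERS, ORDERS_READER, JDOE, approved_app) is hypothetical.

```sql
-- Added example; all object, role, user and program names are hypothetical.

-- 1) The babysitter approach: reject logons that do not come from the
--    "right" program. V$SESSION.PROGRAM (like MODULE) is a value the client
--    reports about itself, so this check only describes what the client
--    claims to be. The trigger owner needs a direct SELECT grant on
--    SYS.V_$SESSION, and accounts holding ADMINISTER DATABASE TRIGGER are
--    not stopped by an error raised in a logon trigger.
CREATE OR REPLACE TRIGGER only_approved_app
AFTER LOGON ON DATABASE
DECLARE
  v_program VARCHAR2(128);
BEGIN
  SELECT program
    INTO v_program
    FROM v$session
   WHERE sid = SYS_CONTEXT('USERENV', 'SID');

  -- NVL so that a missing program name is rejected rather than let through.
  IF LOWER(NVL(v_program, 'unknown')) NOT LIKE 'approved_app%' THEN
    RAISE_APPLICATION_ERROR(-20001, 'Use the approved application.');
  END IF;
END;
/

-- 2) The database approach: first see what the account can actually do,
--    whichever tool it connects with.
SELECT privilege                    FROM dba_sys_privs  WHERE grantee = 'JDOE';
SELECT owner, table_name, privilege FROM dba_tab_privs  WHERE grantee = 'JDOE';
SELECT granted_role                 FROM dba_role_privs WHERE grantee = 'JDOE';

-- Then grant only what the job needs, through a role.
CREATE ROLE orders_reader;
GRANT SELECT ON hr_app.orders TO orders_reader;
GRANT CREATE SESSION TO jdoe;
GRANT orders_reader TO jdoe;

-- And revoke what the audit showed to be too broad. These two lines assume
-- the audit returned exactly these grants; REVOKE raises an error for a
-- privilege that was never granted.
REVOKE DELETE ON hr_app.orders FROM jdoe;
REVOKE DROP ANY TABLE FROM jdoe;
```

With the second half in place, the answer to "what if they use another client?" no longer matters: the DELETE fails with an insufficient-privileges error from any tool.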

Quit arguing with me and please go secure your database. Please.

DBAs, please tell me I’m right THIS time!?!