(RADIATOR) Orinoco wireless Access Points
Bon sy
bon at bunny.cs.qc.edu
Mon Sep 23 18:59:12 CDT 2002
Hi Mike,
Thanks for the infor. Comments at the end ....
On Sun, 22 Sep 2002, Mike McCauley wrote:
> > 3. When AuthBY SQL, is there a way not to expose the DB access
> > information? I am particularly concern the need of storing DB acccess
> > information in the conf file (and the Unix environment variable
> > such as ORACLE_USERID in the initialization file for Perl DBI). Since the
> > DB access will require more than just DML query, but also transaction
> > involving insert, update and delete, if RADIUS or conf file got
> > compromised, one will have all the information needed to do
> > damage on the DB side.
>
> Hmmm, some types of DBD interface support environment variables to determine
> that database to use (Im thinking of Oracle). But in the final analysis, the
> data is in a file somewhere. If you are concerned about that informaiton, I
> think you should set up your file permissions to suit.
>
This is what I understand (about Oracle): the basic idea about database
security is that the data integrity is protected by the database system
rather than the file system. In other words, there is one layer of
protection in the system level and there is one layer of protection in the
database layer.
It is true that when one gets root access, one can do whatever one wants
on any file in the system. But the integrity of the databse files (dbf in
Oracle) is checked by Oracle. One can destroy, or even replace with a
fake one, but the DB system will report an integrity error.
We actually have this experience: we were moving the dbf files from a hard
disk to another one when we did a hardware upgrade, the system won't take
it and complains about the media integrity error. So, the idea is that
unless the Oracle access information is compromised, it is at least one
more step harder to get the DB compromised without being noticed --- even
when one gets far enough to get root access.
But the problem becomes when the Oracle access is compromised. In this
case, one may be able to do damage and makes harder to be found out. And
this will require a real good DBA to catch the bad guy, which will be an
additional burden when using RADIUS ... even this may be no worse than,
let's say, a servlet DB connection running out of a servlet process at the
system level.
Bon
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list