The use of PUBLIC is both a feature and a weakness, agreed Nancy Malpass, an Oracle DBA at Interstate Batteries System of America Inc., in Dallas, Texas. "The PUBLIC schema, synonyms, and public packages are necessary. Often they are the mechanism that software vendors use to deploy their software on an Oracle database platform," she said.
Because application vendors don't develop to a specific platform, their installation scripts, for example, create public names for tables rather than create and manage fine-grained database security. Hence, PUBLIC gets used often by software vendors so that users of the application can use the database, she said. "That's one of the features of the database. It's 'open.' You can create a PL/SQL package; you can then grant access to anybody to run it. ... But if you have third-party applications in your Oracle databases, it's a problem you have to deal with, and you have to rely on application security built into the third-party application."
Davidson acknowledged during the panel that PUBLIC is a problem Oracle is still dealing with. But the Redwood Shores, Calif., company has been locking default configurations down further with each release, she said, and continues to look for ways to lock them down further.
Default accounts, used to install schemas and objects and to enable certain features, are reasonably easy to eliminate. Default privilege grants, on the other hand, are tough to get rid of, because partner products and custom applications may depend on the privileges those grants hand to PUBLIC.
9i's database creation wizard locks some of them down but still leaves eight open if the GUI database creation tool is used. Six more default grants have been shut down in 10g, Davidson said, and Oracle is working to pin more down.
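The mechanism Malpass and Davidson describe, a vendor opening an object to PUBLIC and a DBA later having to unwind that grant without breaking dependents, is shown below as an added example. It is not code from the article, from Oracle or from any vendor mentioned; the schema name APPVND, the package ORDER_API and the role APPVND_USER are hypothetical, while the data dictionary views (DBA_TAB_PRIVS, DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_SYNONYMS, DBA_DEPENDENCIES) are standard Oracle views that require DBA or SELECT_CATALOG_ROLE to query.

```sql
-- Added example (not from the eWEEK article). Schema APPVND, package
-- ORDER_API and role APPVND_USER are hypothetical names.

-- 1. What a vendor install script typically does: after these three
--    statements every session in the database can resolve the unqualified
--    name ORDER_API and execute the package, with no per-user grant.
--    (Spec only; the package body is omitted for brevity.)
CREATE OR REPLACE PACKAGE appvnd.order_api AS
  PROCEDURE place_order(p_customer_id IN NUMBER, p_amount IN NUMBER);
END order_api;
/
CREATE PUBLIC SYNONYM order_api FOR appvnd.order_api;
GRANT EXECUTE ON appvnd.order_api TO PUBLIC;

-- 2. Inventory: object privileges granted to PUBLIC by application
--    schemas. Oracle's own schemas carry the default grants Davidson
--    refers to; drop the OWNER filter to see those as well.
SELECT owner, table_name, privilege, grantor
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND owner NOT IN ('SYS', 'SYSTEM')
 ORDER BY owner, table_name, privilege;

-- 3. System privileges and roles handed to PUBLIC are far worse than
--    object grants; both of these should normally return no rows.
SELECT privilege, admin_option FROM dba_sys_privs  WHERE grantee = 'PUBLIC';
SELECT granted_role             FROM dba_role_privs WHERE grantee = 'PUBLIC';

-- 4. Public synonyms that point into application schemas.
SELECT synonym_name, table_owner, table_name
  FROM dba_synonyms
 WHERE owner = 'PUBLIC'
   AND table_owner NOT IN ('SYS', 'SYSTEM');

-- 5. Before revoking anything, find out who depends on the object. This is
--    the "breaking something else" problem: every row here is a view,
--    procedure or package that goes INVALID if its only access path is the
--    PUBLIC grant you are about to remove.
SELECT owner, name, type
  FROM dba_dependencies
 WHERE referenced_owner = 'APPVND'
   AND referenced_name  = 'ORDER_API';

-- 6. Replace the blanket grant with a least-privilege one: a role that only
--    the application's own accounts receive. Grant the role first, revoke
--    from PUBLIC last, so dependents never lose access in between.
CREATE ROLE appvnd_user;
GRANT EXECUTE ON appvnd.order_api TO appvnd_user;
-- GRANT appvnd_user TO <each application account found in step 5>;
REVOKE EXECUTE ON appvnd.order_api FROM PUBLIC;
-- Keep the public synonym only if the application's SQL is hard-coded to
-- the unqualified name; the synonym itself confers no privilege.
```

Steps 2 through 4 are the audit a DBA would run against a third-party install; step 5 is the check that separates a safe revoke from the "yanking rights away" scenario Davidson describes, and it is why the hardening in step 6 is ordered grant-then-revoke.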
Why are databases shipped with default accounts in the first place? Because of backwards compatibility, the complexity of shutting something down without breaking something else, and the difficulty of yanking rights away from customers who are used to them, Davidson said. "You can't do it instantaneously," she said. "Because of bootstrap and backwards compatibility, as a DBA, you just can't say, 'Oh, by the way, when you update, the Connect As DBA syntax doesn't work anymore.'
"That's the next big area in general for industry: secure by default. Partly it's the issue of dependencies, partly it's the inability to please all user groups at once, partly not everybody knows how everybody uses their products."
Another factor is the number of software vendors who rely on the "drug-addict model," she said. In that scenario, software sellers roll out the red carpet to get developers hooked on their software. "They encourage people to have fun with demo scripts, and you have accounts open and sample Java pages to see the cool things you can do on their product," Davidson said. "You get the development community hooked and you want to make it easy on them. Then when people go into production, they want everything locked down. The challenge is that vendors can't have one size fits all."