Forum Stats

  • 3,839,357 Users
  • 2,262,486 Discussions
  • 7,900,949 Comments

Discussions

Is that safe if I setup expiration for user SYSTEM?

User_F51IA
User_F51IA Member Posts: 1 Red Ribbon
edited Aug 14, 2020 12:21PM in Database Security - General

Hi,

For security improvement, our security team suggest us to create Oracle Profile with expiration date for user SYSTEM. My question is, is that safe? This is single instance Oracle Database.

Thanks.

pmdba

Answers

  • EdStevens
    EdStevens Member Posts: 28,778 Gold Crown
    edited Aug 14, 2020 12:21PM
    3505535 wrote:Hi,For security improvement, our security team suggest us to create Oracle Profile with expiration date for user SYSTEM. My question is, is that safe? This is single instance Oracle Database. Thanks.

    I don't see an issue. You probably shouldn't be using that account for your own purposes, any way.  Having its password expired only prevents it from making a connection. It doesn't affect any internal operations. I know that some people lock the account "from the git-go".

    pmdbaandrewmy
  • User_BH897
    User_BH897 Member Posts: 9 Green Ribbon

    Hi,

    Agree with EdStevens - I (personally) always lock out SYSTEM immediately (as I am responsible for DB security most of the time). If you need a DBA level user to connect to your database (don't we all?) create them a separate and accountable account with the appropriate controls specified by your 'security' team AND audit DBA user accounts as a matter of course.

    Remember - SOD and POLP.

    Hope this helps.