I am currently working as an IT maintenance guy for a classic MVC system (oracle-db/jboss) in the public sector. The newest feature should be the shutdown of my oracle-db-readOnly-Account because of "security reasons" (<– Yes, it is not any more specific than that). I tried to do some investigation on what those security threats might be, but I ended up finding no argument suiting my case.
My question is:
Can readOnly-Access to an Oracle-Database cause any serious security issues?
I am looking for arguments that I can toss at the decision-maker that there is no threat coming from me having a readOnly-Account!
Additional information:
- I am also inside the house-LAN (behind exterior firewall)
- I am a learned SQL-user.
- I don't store data on my local machine and I have no intention of selling/leaking any data. Besides the fact that the data is not the slightest bit interesting for any outsider 😉
Thanks in advance for any good ideas/arguments/issues/hints!!
Best Answer
Yes, there are.
Control and audits are getting more and more important.
A solution can be to have a copy system in place that generates an ad hoc query database that is de-personified enough so privacy concerns can be remedied. It also alleviates the production host from the load caused by the research queries.
A controlled reporting tool can also be helpful; I just don't see how that mitigates privacy concerns other than having predefined reports that just don't show personal data.
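
The copy system described in the answer above, as an added example that is not part of the original answer. It assumes a hypothetical `cases` table and uses SQLite in place of Oracle so it runs offline; the key, column names and sample rows are constructed.

```python
import hashlib
import hmac
import sqlite3

# Constructed key (assumption): in practice it is kept outside the reporting copy.
PSEUDONYM_KEY = b"constructed-demo-key"

def pseudonym(value: str) -> str:
    """Keyed hash: a stable join key that cannot be recomputed without the key."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def build_reporting_copy(prod: sqlite3.Connection) -> sqlite3.Connection:
    """Copy production rows into a separate database, stripping personal data."""
    report = sqlite3.connect(":memory:")
    report.execute(
        "CREATE TABLE cases (person_ref TEXT, birth_year INTEGER, "
        "region TEXT, status TEXT)"
    )
    # full_name is never selected, so it cannot reach the reporting copy.
    query = "SELECT national_id, birth_date, postcode, status FROM cases"
    for national_id, birth_date, postcode, status in prod.execute(query):
        masked = (
            pseudonym(national_id),  # direct identifier -> pseudonym
            int(birth_date[:4]),     # full birth date -> year only
            postcode[:2],            # postcode -> coarse region
            status,                  # non-personal column copied unchanged
        )
        report.execute("INSERT INTO cases VALUES (?, ?, ?, ?)", masked)
    report.commit()
    return report

def sample_production() -> sqlite3.Connection:
    """Constructed sample rows standing in for the production schema."""
    prod = sqlite3.connect(":memory:")
    prod.execute(
        "CREATE TABLE cases (national_id TEXT, full_name TEXT, "
        "birth_date TEXT, postcode TEXT, status TEXT)"
    )
    prod.executemany("INSERT INTO cases VALUES (?, ?, ?, ?, ?)", [
        ("ID-1001", "Alice Example", "1980-04-12", "10115", "open"),
        ("ID-1001", "Alice Example", "1980-04-12", "10115", "closed"),
        ("ID-2002", "Bob Example", "1975-11-30", "80331", "open"),
    ])
    return prod
```

The read-only account would then be granted access to the reporting copy only, which also moves the research queries off the production host.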