 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Orchid XP v8 wrote:
> If we had ever had to upgrade it, the process would probably be to run
> some vendor-provided SQL scripts.
Oh, so it's not your code. No, that part doesn't apply, then.
--
Darren New, San Diego CA, USA (PST)
Forget "focus follows mouse." When do
I get "focus follows gaze"?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Thu, 14 Jan 2010 19:25:36 +0000, Orchid XP v8 wrote:
>>> Woah. That one really is a random grab-bag, eh?
>>
>> Not really, they're all related to administration of a Windows
>> infrastructure.
>
> Well, that was the general intention. It looks kind of random on the
> page though. (I guess to somebody who knows what they're talking about,
> it suggests that I have a clue too.)
With regard to your parenthetical - exactly! :-)
>>> Actually *all* I've done is install Oracle, create a blank database,
>>> recover a destroyed database from backup, and regularly backup a
>>> running database. That's basically *it*. But by mumbling something
>>> about "other maintenance" I can make it sound like I did something
>>> significant.
>>
>> So someone else does the DBA tasks? In that case, just be prepared to
>> define what "other maintenance" is in case they ask.
>
> Define "DBA tasks".
User admin (granting access and such), troubleshooting, table layout and
design (sounds like you probably weren't involved in this last bit, with
one application that was vendor-supplied).
> Seriously, the database runs itself. I need to set it up initially,
> recover it if it breaks, and back it up periodically. What else is
> there?
Troubleshooting if it breaks comes to mind.
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Heh. Like employers are going to care whether I prefer ballroom to
>> hip-hop. :-P
>
> They may not, but if you're being interviewed by someone who is also into
> dancing, that common interest can be useful for the interview. Never
> underestimate the value of having something in common with the
> interviewer.
Reminds me of a telephone interview I had a while back, it was meant to be
about 30 mins, but after 30 mins of talking about radio controlled
helicopters it ended up being about an hour!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Define "DBA tasks".
>
> User admin (granting access and such), troubleshooting, table layout and
> design (sounds like you probably weren't involved in this last bit, with
> one application that was vendor-supplied).
No user admin; rather than use Oracle's extensive security features,
this crappy little VB app chose to defeat Oracle's security and
implement all the security in the application itself.
In other words, the VB app connects to the database with username
"database" and password "blue198". The app itself then decides what data
it will or won't let the user see. But if you open up a copy of the
Oracle SQL console and use the same username and password, you have
unlimited access to the entire DB. (And I *mean* write-access!)
Even more amusingly, the user information is stored in an Access
database file. Why the hell that table isn't in the Oracle DB is beyond
me. Every now and then the Access DB would get "corrupted", and I'd have
to try to fix it. (Usually by just restoring it from backup.)
Presumably the reason for this stupidity is that the VB app works with
Oracle *and* SQL Server, which presumably have utterly different
security systems... Even so, really dumb design!
>> What else is there?
>
> Troubleshooting if it breaks comes to mind.
Well, yeah, there is that.
The documentation doesn't actually *explain* how half of this stuff
works, and the company that makes it got bought half way through our
using it, so...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible wrote:
> Presumably the reason for this stupidity is that the VB app works with
> Oracle *and* SQL Server, which presumably have utterly different
> security systems... Even so, really dumb design!
Not necessarily. A really dumb design if you have more than one application
accessing the database, tho.
--
Darren New, San Diego CA, USA (PST)
Forget "focus follows mouse." When do
I get "focus follows gaze"?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Presumably the reason for this stupidity is that the VB app works with
>> Oracle *and* SQL Server, which presumably have utterly different
>> security systems... Even so, really dumb design!
>
> Not necessarily. A really dumb design if you have more than one
> application accessing the database, tho.
What, and giving every user on the network complete access to the DB
isn't a bad idea? ;-)
Seriously, anybody with the smarts to open up the Access DB and read the
username and password out of the table there would then know how to
access the Oracle DB.
Actually, wait - yes, I remember now! That was the most retarded part...
The Access DB contains "linked tables", which actually reside in the
Oracle DB. In other words, the Access DB makes Oracle look like an
Access DB. (I'm guessing VB probably has a native JET API or something.)
So all it would take is for some random user to stumble upon the right
folder and go "what's this?" and open up the Access DB, and they now
have write access to all of our regulated, audited data.
So that statement about "data is kept under strict access controls" is
actually balony. ;-)
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Orchid XP v8 wrote:
> What, and giving every user on the network complete access to the DB
> isn't a bad idea? ;-)
OK, storing the password in a *desktop* application is a dumb idea. It's not
quite so dumb when you're talking about a web app where people don't have
the database's password stored locally.
--
Darren New, San Diego CA, USA (PST)
Forget "focus follows mouse." When do
I get "focus follows gaze"?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> What, and giving every user on the network complete access to the DB
>> isn't a bad idea? ;-)
>
> OK, storing the password in a *desktop* application is a dumb idea. It's
> not quite so dumb when you're talking about a web app where people don't
> have the database's password stored locally.
Sure. If it's a web app, you can put the DB server and the web server
right next to each other and firewall the hell out of it. But giving the
desktop users the password - in a highly regulated safety-relevant
system? Not smart.
Of course, I didn't make a point of telling the auditors about this...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> Page #2 is important and if I were you. This is where I would add your
>> knowledge of programming languages. Including PovRay SDL, you never know
>> ;)
>
> I agree, that's a great place to add more detail on programming languages
> and other hobbies (like maths, crypto, compression, etc).
How do you suggest doing this? List programming as a hobby? Add another
section heading? I'm not sure what's the best way to do this.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On Mon, 18 Jan 2010 12:20:39 +0000, Invisible wrote:
>>> Page #2 is important and if I were you. This is where I would add your
>>> knowledge of programming languages. Including PovRay SDL, you never
>>> know ;)
>>
>> I agree, that's a great place to add more detail on programming
>> languages and other hobbies (like maths, crypto, compression, etc).
>
> How do you suggest doing this? List programming as a hobby? Add another
> section heading? I'm not sure what's the best way to do this.
I'd list it as a hobby or under a new heading called something like
"related skills".
Jim
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
