Introduction
Account security probably raises the most controversies and is the most difficult aspect of database security. For example your database could have third-party applications schemas that have more privileges than they actually need.I have seen during my experience many application schema users with all ANY type privileges or DBA and SYSDBA role granted due to a misguided application design. In such a situation, it could be very difficult to revoke privileges because there is a risk of affecting the entire application functionality. The access to the database is granted through a form of authentication, and all access to database objects is performed through user accounts. Too many privileges and weak passwords will open the door to sensitive data. Probably, one of the most successful outcomes of a hacker's attack would be to find or crack passwords for users with administrative rights. For example, in previous Oracle versions, such as 9i and 10g, there were active users installed...
