| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Re[2]: security problem with 8i
I would doubt he's joking. I've had simular experiences....
transferred to another department within the same company. Get a call from my old boss "our dba is out sick, we HAVE to have this done today, this is a highly secured system you have to help and make the changes from this pc"
I go there, cannot log into the database with the username and password he gives me. We call the dba (who was really sick), apologize and ask for the username and password -- same as what I had. Still does not work. I stop, think and say "let me try something"
and log in as system/manager
I do what they ask me to, then take my old boss aside and explain (gently) that he has a security hole in his "highly secured" system that I could drive a truck through.
>From: paquette stephane <stephane_paquette_at_yahoo.com>
>Reply-To: ORACLE-L_at_fatcity.com
>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
>Subject: Re: Re[2]: security problem with 8i
>Date: Wed, 18 Jul 2001 07:25:48 -0800
>
>Are you joking ?
>
> --- dgoulet_at_vicr.com a écrit : > Although there
>has been so much publicity of
> > security "holes" in Oracle, in
> > particular the listener, the one hole that really
> > causes me concern is the
> > default passwords for sys and system and/or using
> > the username as a password.
> > Over the past 2 years I've been to a few sites, like
> > 4, at a friends request
> > and/or on an interview where the manager said "show
> > me" and each time I've been
> > able to log onto the DB with any of the following:
> >
> > sys/change_on_install
> > sys/sys
> > system/system
> > system/manager
> >
> > Now come on, this was an old V6 thing that we were
> > suppose to do, and we're
> > still not!!
> >
> > Dick Goulet
> >
> > ____________________Reply
> > Separator____________________
> > Author: Ray Stell <stellr_at_stell.cns.vt.edu>
> > Date: 7/18/2001 5:15 AM
> >
> > On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon
> > Walthour wrote:
> > > Listers:
> > >
> > > My client has asked me to look into this issue and
> > determine if they should
> > > be concerned about it or not. Since they don't
> > have any db's directly
> > > accessible from the Internet and since their LAN
> > is very secure anyway, I'm
> > > inclined to not apply any patches based on the
> > premise that if it isn't a
> > > necessary patch, don't apply it in fear of
> > breaking something else. What do
> > > you think?
> > > --
> >
> > two words, disgruntled employee
> >
>===============================================================
> > Ray Stell stellr_at_vt.edu (540) 231-4109
> > KE4TJC 28^D
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author: Ray Stell
> > INET: stellr_at_stell.cns.vt.edu
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
>--------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author:
> > INET: dgoulet_at_vicr.com
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
>--------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
>
>=====
>Stéphane Paquette
>DBA Oracle, consultant entrepôt de données
>Oracle DBA, datawarehouse consultant
>stephane_paquette_at_yahoo.com
>
>___________________________________________________________
>Do You Yahoo!? -- Vos albums photos en ligne,
>Yahoo! Photos : http://fr.photos.yahoo.com
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: =?iso-8859-1?q?paquette=20stephane?=
> INET: stephane_paquette_at_yahoo.com
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: carmichr_at_hotmail.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Jul 18 2001 - 10:31:34 CDT
 |
 |