Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Re[2]: security problem with 8i

RE: Re[2]: security problem with 8i

From: Jack C. Applewhite <japplewhite_at_inetprofit.com>
Date: Wed, 18 Jul 2001 08:58:42 -0700
Message-ID: <F001.0034D95D.20010718091628@fatcity.com> 






Oh yeah!  I've got one even better!  When I joined a previous company, their
*Web-accessible* application's administration username/password was
admin/admin!  Their production Oracle DB - accessed via the admin/admin
"protected" app - had system/manager and mps/mps (mps stands for Main
Production Schema), plus all the usual default schemas like ctxsys/ctxsys...



Needless to say, I closed those holes pretty quickly!



Jack





Jack C. Applewhite


Database Administrator/Developer


OCP Oracle8 DBA


iNetProfit, Inc.


Austin, Texas


www.iNetProfit.com


japplewhite_at_inetprofit.com


(512)327-9068





-----Original Message-----


Carmichael


Sent: Wednesday, July 18, 2001 11:13 AM


To: Multiple recipients of list ORACLE-L




I would doubt he's joking. I've had simular experiences....



transferred to another department within the same company. Get a call from
my old boss "our dba is out sick, we HAVE to have this done today, this is a
highly secured system you have to help and make the changes from this pc"



I go there, cannot log into the database with the username and password he
gives me. We call the dba (who was really sick), apologize and ask for the
username and password -- same as what I had. Still does not work. I stop,
think and say "let me try something"



and log in as system/manager



I do what they ask me to, then take my old boss aside and explain (gently)
that he has a security hole in his "highly secured" system that I could
drive a truck through.



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jack C. Applewhite
  INET: japplewhite_at_inetprofit.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L


(or the name of mailing list you want to be removed from).  You may

also send the HELP command for other information (like subscribing).


Received on Wed Jul 18 2001 - 10:58:42 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US