| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> strt<SID>.cmd security hole??
I inherited an Oracle 7.3.4 database that nobody knew the internal password
for. So I was doing some research on metalink and came across an article
that mentioned the strt<SID>.cmd file would have the password. I was amazed
to open up this file and see the unencrypted password for internal. I then
check my 8.0.5 database and the same thing. Then I checked my 8.1.7
database and it was not there. Did this gaping security hole disappear in
the 8i database? I sure hope so.
Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater
set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I don't know if this
has something to do with it.
Thanks,
Dave
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Farnsworth, Dave
INET: DFarnsworth_at_Ashleyfurniture.com
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists --------------------------------------------------------------------To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Wed Jul 25 2001 - 14:29:55 CDT
 |
 |