Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: strt<SID>.cmd security hole??

RE: strt<SID>.cmd security hole??

From: Farnsworth, Dave <DFarnsworth_at_Ashleyfurniture.com>
Date: Thu, 26 Jul 2001 03:27:37 -0700
Message-ID: <F001.00355B13.20010726034659@fatcity.com>

$Oracle_Home\database

Also, I forgot to mention that I am on windoze NT.

Dave

-----Original Message-----
Sent: Wednesday, July 25, 2001 4:07 PM
To: Multiple recipients of list ORACLE-L

Where is the strt<SID>.cmd file? I don;t see it anywhere under $ORACLE_HOME.
> -----Original Message-----
> From: Farnsworth, Dave [SMTP:DFarnsworth_at_Ashleyfurniture.com]
> Sent: Wednesday, July 25, 2001 4:47 PM
> To: Multiple recipients of list ORACLE-L
> Subject: strt<SID>.cmd security hole??
>
> I inherited an Oracle 7.3.4 database that nobody knew the internal
password
> for. So I was doing some research on metalink and came across an article
> that mentioned the strt<SID>.cmd file would have the password. I was
amazed
> to open up this file and see the unencrypted password for internal. I
then
> check my 8.0.5 database and the same thing. Then I checked my 8.1.7
> database and it was not there. Did this gaping security hole disappear in
> the 8i database? I sure hope so.
> Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater
> set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I don't know if this
> has something to do with it.
>
> Thanks,
>
> Dave
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Farnsworth, Dave
> INET: DFarnsworth_at_Ashleyfurniture.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: blair_at_pjm.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Farnsworth, Dave
  INET: DFarnsworth_at_Ashleyfurniture.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Thu Jul 26 2001 - 05:27:37 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US