Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: strt<SID>.cmd security hole??

RE: strt<SID>.cmd security hole??

From: Farnsworth, Dave <DFarnsworth_at_Ashleyfurniture.com>
Date: Thu, 26 Jul 2001 03:33:36 -0700
Message-ID: <F001.00355AE0.20010726034033@fatcity.com>

Yes, it's windoze NT 4.0.

-----Original Message-----

Sent: Wednesday, July 25, 2001 5:01 PM
To: Multiple recipients of list ORACLE-L

Dave,

What's the platform? NT?

Jared  

                    "Farnsworth, Dave"

                    <DFarnsworth_at_Ashleyfurn       To:     Multiple
recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>        
                    iture.com>                    cc:

                    Sent by:                      Subject:     strt<SID>.cmd
security hole??                                 
                    root_at_fatcity.com

 

 

                    07/25/01 01:47 PM

                    Please respond to

                    ORACLE-L

 

 





I inherited an Oracle 7.3.4 database that nobody knew the internal password for. So I was doing some research on metalink and came across an article that mentioned the strt<SID>.cmd file would have the password. I was amazed
to open up this file and see the unencrypted password for internal. I then check my 8.0.5 database and the same thing. Then I checked my 8.1.7 database and it was not there. Did this gaping security hole disappear in the 8i database? I sure hope so.
Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I don't know if this has something to do with it.

Thanks,

Dave
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Farnsworth, Dave
  INET: DFarnsworth_at_Ashleyfurniture.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author:
  INET: Jared.Still_at_radisys.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Farnsworth, Dave
  INET: DFarnsworth_at_Ashleyfurniture.com
Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists

--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Jul 26 2001 - 05:33:36 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US