| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Funny sort of question re sys password
It's a good question, I think the phrase is too
"If you have access to the physical server, you too have
access to Oracle database data"
Oracle support will have to answer if this is not true, but
the reality says this is true.
What do you think.?
> All this has nothing to do with Oracle security - it's OS security.
>
> Igor Neyman, OCP DBA
> ineyman_at_perceptron.com
>
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Juan Cachito Reyes
> Pacheco
> Sent: Wednesday, March 10, 2004 9:32 AM
> To: oracle-l_at_freelists.org
> Subject: Re: Funny sort of question re sys password
>
> The principle of security says
> if you have access to the server (the physical computer) you have
> access to its data.
>
> For example in
> Oracle in NT, you drop the service and recreate it, this is the time it
> takes to recreate the service
> and restart the server.
>
> In NT, to bypass NTFS there is a floppy disk (cia software) used to
> restart
> with it you can change server password, fix regedit, copy files, etc.
> Other chance is install another nt installation that gives you acces to
> everything.
>
>
> ----- Original Message -----
> From: "Nuno Souto" <dbvision_at_optusnet.com.au>
> To: "Oracle L" <oracle-l_at_freelists.org>
> Sent: Wednesday, March 10, 2004 6:07 AM
> Subject: Funny sort of question re sys password
>
>
> > Someone at work maintains that it takes them 10 minutes to
> > break the Oracle SYS password security.
> >
> > And the Sun boof-head (a different person and I use the
> > term loosely...) assures me he's capable of doing so any time
> > he wants.
> >
> > Now, I've been away from this security stuff for a year or so and
> > I may well be wrong here, but breaking the password security
> > means cracking the Oracle encryption. While this may be possible,
> > I can't believe it only takes 10 minutes?
> >
> > Wouldn't it rather be a case of social engineering at work?
> > Or just a plain vanilla "change_on_install" case?
> >
> > <says he who used to change it to "changed",
> > with the obvious funny consequences>
> > Cheers
> > Nuno Souto
> > nsouto_at_optusnet.com.au
> > ----------------------------------------------------------------
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > ----------------------------------------------------------------
> > To unsubscribe send email to: oracle-l-request_at_freelists.org
> > put 'unsubscribe' in the subject line.
> > --
> > Archives are at http://www.freelists.org/archives/oracle-l/
> > FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
> > -----------------------------------------------------------------
> >
>
>
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to: oracle-l-request_at_freelists.org
> put 'unsubscribe' in the subject line.
> --
> Archives are at http://www.freelists.org/archives/oracle-l/
> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
>
>
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to: oracle-l-request_at_freelists.org
> put 'unsubscribe' in the subject line.
> --
> Archives are at http://www.freelists.org/archives/oracle-l/
> FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
-- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Wed Mar 10 2004 - 10:44:53 CST
 |
 |