Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Litchfield on October patch

RE: Litchfield on October patch

From: <JayMiller_at_TDWaterhouse.com>
Date: Fri, 28 Oct 2005 17:24:59 -0400
Message-ID: <5B257A26B4845C469B87871B6CEFE5070331AF9E@usnjc04wmx003.tdwaterhouse.com>


Unfortunately as of 10.2 Oracle does not provide syntax for database creation (most of it is the same but I always worry about new features). All I found on Metalink were the instructions that if you *really* don't want to use DBCA then use DBCA to generate the scripts and run them yourself.

I did so and did a fair amount of modifying but I'm still a bit p***ed off about it.

Jay Miller  

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] Sent: Thursday, October 20, 2005 10:54 AM To: Rich.Jesse_at_quadtechworld.com; bdbafh_at_gmail.com; stellr_at_cns.vt.edu Cc: oracle-l
Subject: RE: Litchfield on October patch

Exactly. DBCA is a beast that should be put to sleep. It cruds the database up with stuff that you don't need, and that Oracle wants to charge you for. We never use it.

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Jesse, Rich Sent: Thursday, October 20, 2005 10:49 AM To: bdbafh_at_gmail.com; stellr_at_cns.vt.edu
Cc: oracle-l
Subject: RE: Litchfield on October patch

Better yet, just don't use the dbca.

Rich

"E-vil. Like the fru-its of the dev-il, E-vil."

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Paul Drake Sent: Wednesday, October 19, 2005 6:09 PM To: stellr_at_cns.vt.edu
Cc: oracle-l
Subject: Re: Litchfield on October patch

On 10/19/05, Ray Stell <stellr_at_cns.vt.edu> wrote:
> from bugtraq:
>
> Having downloaded and given the Oracle October patch a cursory
examination,
> some of the flaws Oracle told me were being fixed, remain exploitable.
Once
> again the patch is not sufficient. I will conduct a full investigation
of
> the patch over the coming few days and post some recommendations once
> complete. Incidently, it's good to see that the NGS Disclosure policy
of not
> publicly releasing details of the flaws "fixed" seems to work as a
useful
> fail safe mechanism.
>
> More to follow...
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> ======================================================================
> Ray Stell stellr_at_vt.edu (540) 231-4109 Tempus fugit 28^D
> --
> http://www.freelists.org/webpage/oracle-l

This one will knock out vulnerabilities DB [17-25]: Steps for Manual De-installation of Oracle Spatial http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_d atabase_id=NOT&p_id=179472.1

Basically, the schema mdsys is created by default in a dbca db, even if the spatial option is not being installed. In theory, the following:

SQL> drop user spatial cascade;

should do the trick.
The referenced doc was for 9i and not apparently updated for 10g.

As always, test on a destructo box first.

Paul

--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l

-----------------------------------------
This message is confidential and sent by TD Waterhouse solely for use
by the intended recipient.  If you are not the intended recipient, you
are hereby notified that any use, distribution or copying of this
communication is strictly prohibited.  This should not be deemed as an
offer or solicitation, to buy or sell any product. Any 3rd party
information contained herein was prepared by sources deemed reliable,
but is not guaranteed.  TD Waterhouse does not accept electronic
instructions that would require an original signature. Information
received by or sent from TD Waterhouse is stored, subject to review,
and may be produced to regulatory authorities or others with a legal
right to such.

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 28 2005 - 16:29:46 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US