Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Security Questions

Re: Security Questions

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Tue, 24 Jan 2006 11:14:14 -0500
Message-ID: <20060124161414.GB22317@cns.vt.edu> 





The sans folks seem to think that having a handle on the 
default role pws is a good idea, but I don't know what the 
vulnerability is, note it is sev 1:



http://www.sans.org/score/oraclechecklist.php


Action Description 		       	  Severity Level O/S   Oracle    Default 
                                          level                Version   Install
2.2.11 Audit known default role passwords 1 	   ALL 	       ALL 	YES





The severity levels are set between 1 and 5 (1 indicating the highest level).




On Tue, Jan 24, 2006 at 10:25:04AM -0500, J. Dex wrote:


> 

> Does it matter if standard Oracle roles are NOT password protected?  Does 

> it only need to be non-standard roles that are password protected?


--
http://www.freelists.org/webpage/oracle-l


Received on Tue Jan 24 2006 - 10:14:14 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US