Re: bbed?

I don't see what the big deal is.

Anyone with access to it could just as easily go at the files with any binary capable editor. This is a tool, and a learning aid if you're curious about Oracle internals. On test databases only.

There are so many methods available to compromise a database that I think it's kind of silly to be worried about this. (Just wait until I get my copy of Litchfield's new book. )

If the executable exists on sensitive systems, just delete it.

It is installed by default on many versions of Windows, though I can't recall which ones.

Jared

On 2/1/07, oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> wrote:
>
> True Mark, but then in the doc he is showing you just how long it is.
> All you have to do is count the dots & apply some logic. Not exactly a
> secured application. You would think that they would ship the rdbms
> with something missing to build this puppy.
>
>
>
> Dick Goulet, Senior Oracle DBA
>
> 45 Bartlett St Marlborough, Ma 01752, USA
> Tel.: 598.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795
>
> RGoulet_at_kanbay.com
>
> : POWERING TRANSFORMATION
>
>
> -----Original Message-----
> From: Bobak, Mark [mailto:Mark.Bobak_at_il.proquest.com]
> Sent: Thursday, February 01, 2007 11:04 AM
> To: Richard J. Goulet; wjwagman_at_ucdavis.edu; oracle-l
> Subject: RE: bbed?
>
> Which is why it's password protected. But, let's not open that can of
> worms again....
>
> To anyone who wants to know the password:
> If you really want to use it, you should be clever enough to find the
> password. Don't ask people to tell you what it is. ;-)
>
> -Mark
>
>
> --
> Mark J. Bobak
> Senior Oracle Architect
> ProQuest Information & Learning
>
> There is nothing so useless as doing efficiently that which shouldn't be
> done at all. -Peter F. Drucker, 1909-2005
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Richard J. Goulet
> Sent: Thursday, February 01, 2007 10:27 AM
> To: wjwagman_at_ucdavis.edu; oracle-l
> Subject: RE: bbed?
>
> Bill,
>
> I just looked through a 10.2.0.2 system we have & did not find
> bbed either, but I followed the command to build it, namely make -f
> ins_rdbms.mk $ORACLE_HOME/rdbms/lib/bbed in the $ORACLE_HOME/rdbms/lib
> directory & the darned thing built as stated. And to boot there is a
> target in the make file for the stinker. I think this is one tool that
> could really cause a lot of trouble.
>
>
>
> Dick Goulet, Senior Oracle DBA
>
> 45 Bartlett St Marlborough, Ma 01752, USA
> Tel.: 598.573.1978 |Fax: 508.229.2019 | Cell:508.742.5795
>
> RGoulet_at_kanbay.com
>
> : POWERING TRANSFORMATION
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org
> [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of William Wagman
> Sent: Wednesday, January 31, 2007 8:40 PM
> To: oracle-l
> Subject: bbed?
>
>
> Someone just passed this on to me. I checked a coupl of my systems and
> didn't find it. It's an editor for modifying dbfs. The page:
>
> <http://www.petefinnigan.com/weblog/archives/00000999.htm>
>
> refers to ways of misusing the tool. The PDF paper has a few pages of
> instructions, then some interesting examples of the tool's uses starting
> on page 25.
>
> Bill Wagman
> Univ. of California at Davis
> IET Campus Data Center
> wjwagman_at_ucdavis.edu
> (530) 754-6208
> --
> http://www.freelists.org/webpage/oracle-l
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l