Re: Fw: OT - Getting fired for database oops
Date: Mon, 25 May 2009 08:45:40 -0700
On Sat, May 23, 2009 at 10:42 AM, Andre van Winssen <dreveewee_at_gmail.com>wrote:
> And protect/audit your login.sql and glogin.sql (on the oracle server side
> in particular) otherwise some bad person might inject "grant dba to public"
> into it without you noticing it :-)
I wonder how much of a threat that actually is?
In the case of glogin.sql, probably not much, as anyone with the ability to modify that file can already logon as sysdba.
login.sql could be vulnerable however, if you are lax with your home security settings. (check your umask)
Certifiable Oracle DBA and Part Time Perl Evangelist