Re: Fw: OT - Getting fired for database oops

From: Jared Still <>
Date: Mon, 25 May 2009 08:45:40 -0700
Message-ID: <>

On Sat, May 23, 2009 at 10:42 AM, Andre van Winssen <>wrote:

> And protect/audit your login.sql and glogin.sql (on the oracle server side
> in particular) otherwise some bad person might inject "grant dba to public"
> into it without you noticing it :-)

I wonder how much of a threat that actually is?

In the case of glogin.sql, probably not much, as anyone with the ability to modify that file can already logon as sysdba.

login.sql could be vulnerable however, if you are lax with your home security settings. (check your umask)

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

Received on Mon May 25 2009 - 10:45:40 CDT

Original text of this message