Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: Create a new user

Re: Create a new user

From: Frank <franjoe_at_frisurf.no>
Date: Fri, 16 Mar 2001 20:53:39 +0100
Message-ID: <Hfus6.332$GG4.5343@news1.oke.nextra.no> 






Hi!



The original question was that what could be done if a hacker came across a
SQLPlus logged in as DBA, and what could be done "....such that [it] can be
exploitet much later."  The immediate risks are fairly obvious.
Im interpreting the question as:How can someone create a security breach
that can be misused later(months/years) for benefit?
e.g someone can query sensitive data, "adjust" invoices or similar, in the
application.


I business hacker may not benefit much from drop'ping tables in a
application, because it will soon be discovered,
and the breach secured (as easy as you describe).



Frank
Received on Fri Mar 16 2001 - 13:53:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US