Typical DB install - security risk?

I just installed the typical database during an Oracle 8i installation on a Windows 2000 server. After the installation, I went into DBA studio and noticed that a lot of users have been created for me. My very newbie question is, which accounts can I delete and which accounts must I keep? There is SYS (password:change_on_install). I'm assuming that I am supposed to change this password and keep the account? I keep hearing a lot about Scott (password:tiger(?)). Yes he is on my system, but his password isn't 'tiger'. I don't know what it is, but I can't login to DBA studio with his account. I suspect I'm doing something wrong. Can I delete this account? There are a bunch of other accounts with various names. I have no idea what their passwords could be. Is it ok to simply modify the database that the Oracle installed created for me during the typical installation for my purpose. Should I delete the database and create another from scratch? I would rather just modify this one. Since I've had so many problems configuring the listener after creating an Oracle databases from scratch, I would like to simply keep and modify this database that the Oracle Installer configured for me perfectly (I think?). I'm just not sure if there are any security loop-holes in this preconfigured database? Also, what is the importance of the extproc... database that is alway located above my database? Is my database somehow datalinked to this database for PL/SQL calls?

Thanks for your help,

Brian Received on Fri Oct 27 2000 - 01:02:46 CDT