Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle versus Sqlserver

Re: Oracle versus Sqlserver

From: Joel Garry <joel-garry_at_home.com>
Date: 28 Jan 2002 15:13:19 -0800
Message-ID: <91884734.0201281513.23b339b0@posting.google.com> 





kc_news2000_at_yahoo.com (kc) wrote in message news:<a20fe1ab.0201250737.61d608a8_at_posting.google.com>...


> I have never

> encountered an Oracle box that did not have a password for the "SYS"

> or "SYSTEM" account. 




Guess you've never seen an OPS$ORACLE or connect internal or remote
authentication.  But to be honest, many places are incredibly lax
about their operating system passwords for oracle accounts.  And I
consider it likely that things will get worse with sysdba and and
sqlnet, er, net8, er, authentication and so forth, as places
purposefully go around security for ease of use.  Until something
nasty happens, of course.  On the other hand, some places are so
paranoid they won't install agents.  As a former cow-orker used to
say, "It ain't security unless it hurts."



> 

> Meanwhile the script kiddies are pillaging the weak and

> misconfigured.......




Have a better method for people to learn about security?



jg

--
insert into dual values ('N');
insert into dual values ('M');
insert into dual values ('A');
select * from dual where dummy <> 'X' order by dummy;


Received on Mon Jan 28 2002 - 17:13:19 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US