Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle versus Sqlserver
kc_news2000_at_yahoo.com (kc) wrote in message news:<a20fe1ab.0201250737.61d608a8_at_posting.google.com>...
> I have never
> encountered an Oracle box that did not have a password for the "SYS"
> or "SYSTEM" account.
Guess you've never seen an OPS$ORACLE or connect internal or remote authentication. But to be honest, many places are incredibly lax about their operating system passwords for oracle accounts. And I consider it likely that things will get worse with sysdba and and sqlnet, er, net8, er, authentication and so forth, as places purposefully go around security for ease of use. Until something nasty happens, of course. On the other hand, some places are so paranoid they won't install agents. As a former cow-orker used to say, "It ain't security unless it hurts."
>
> Meanwhile the script kiddies are pillaging the weak and
> misconfigured.......
Have a better method for people to learn about security?
jg
-- insert into dual values ('N'); insert into dual values ('M'); insert into dual values ('A'); select * from dual where dummy <> 'X' order by dummy;Received on Mon Jan 28 2002 - 17:13:19 CST