Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle 9i DB Security Hole

From: m. fowler <mfowler_at_dot.co.pima.az.us>
Date: 18 Apr 2002 09:01:17 -0700
Message-ID: <e9c5a67.0204180801.3dae4438@posting.google.com>


The dialogue on this Usenet group is pathetic, to put it mildly - I quit reading the Oracle Usenet groups years ago but was directed back by the article on theinquirer.net (other than there and in a few discussion groups there has been not a peep about all this). Anyone with half a brain, upon reading the original post on Mon., and with a few minutes of testing would have grasped the awful and awesome truth - and at that point would have shut down their 9.0.1 db. Oracle has released a patch using the same bug # that was logged back in Dec. (thus announcing the problem to the world).

You may know (on second thought you probably don't) that 9.0.1 installs with username: dbsnmp / password: dbsnmp - account unlocked - this un has connect role by def., which includes create view - thus the global R/W access.

I'm rather sorry to see what happened here - I've suffered for years with Oracle, turning me into one of their many critics but also one of their biggest fans (especially considering the competition). I perceive that there are many competing camps within any large corp. - they don't speak as one monolithic entity and what they do say is skewed from the top and amongst their willing water-boys, the media. So there needs to be an institutional discipline that makes it possible to deal with problems like this in a timely, straightforward and plain-spoken manner. Was that the case here - you be the judge.

Received on Thu Apr 18 2002 - 11:01:17 CDT
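A DBA-side check for the default account described in this post, added here as an example and not part of the original message. It uses the standard data dictionary views; the replacement password shown is a placeholder.

```sql
-- Run as a DBA user. Audits the default DBSNMP account mentioned in the post.

-- 1. Is the account present, and is it open or locked?
SELECT username, account_status, created
  FROM dba_users
 WHERE username = 'DBSNMP';

-- 2. Which roles does it hold directly (the post names CONNECT)?
SELECT grantee, granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'DBSNMP';

-- 3. Which system privileges reach it, directly or through a
--    directly granted role? CREATE VIEW arriving via CONNECT is
--    the combination the post describes.
SELECT 'DIRECT' AS granted_via, privilege
  FROM dba_sys_privs
 WHERE grantee = 'DBSNMP'
UNION
SELECT rp.granted_role, sp.privilege
  FROM dba_role_privs rp, dba_sys_privs sp
 WHERE rp.grantee = 'DBSNMP'
   AND sp.grantee = rp.granted_role
 ORDER BY 1, 2;

-- 4. Remediation options.
-- Replace the default password (placeholder value shown; the
-- Intelligent Agent configuration must be updated to match):
ALTER USER dbsnmp IDENTIFIED BY "<new_password>";

-- Or, if the Intelligent Agent is not in use, lock the account:
ALTER USER dbsnmp ACCOUNT LOCK;
```

Re-run query 1 afterwards to confirm the account status changed; these steps do not replace applying the vendor patch the post refers to.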
