Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i DB Security Hole

Re: Oracle 9i DB Security Hole

From: Nuno Souto <nsouto_at_optushome.com.au.nospam>
Date: Fri, 19 Apr 2002 21:12:59 +1000
Message-ID: <3cbffc9e$0$15477$afc38c87@news.optusnet.com.au> 





In article <3CBEDF46.AA69F910_at_ca.ibm.com>, you said (and I quote):


> Self-control by their main competitor - and it's hard - trust me.




Well done, Serge!  Hang in there and I won't tell anyone how I found the 
administrator password for the UDB server in our office.  ;-)



Seriously: I'm quite impressed with the speed with which Oracle fixed 
this.  Not as impressed with their fix for Windoze, though...  Oh well, 
can't have everything.  



What gets me is: Oracle obviously paid a lot of money to some companies 
to get 9i certified for security compliance.  How come such a gaping hole 
sneaked through?  What sort of testing for security was really done?  One 
wonders if it is worth spending the $$$ on these "certifications"...


-- 
Cheers
Nuno Souto
nsouto_at_optushome.com.au.nospam


Received on Fri Apr 19 2002 - 06:12:59 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US