Re: V$ tables

yong321_at_yahoo.com (Yong Huang) wrote in message news:<b3cb12d6.0206160916.51afab11_at_posting.google.com>...
>
> I don't see any version of Oracle where dba_db_links has password.
> Maybe he was thinking of sys.link$, which still has password as of
> 9.0.1. There's been a feature enhancement request to tighten this
> security for a while.

IIRC, in V7 and before you could actually see the text of the password for db links in the dba_db_links view.

>
> How do you get the system password? Care to elaborate? Hey, I want to
> be a hacker!

A lot of people think that "hacking" is some obscure art that only a few can practice. I'll skim over the term itself and accept for a moment that it means something "bad", although the correct term is "cracking". Basically, it means knowing a bit about computers in general and having \ a lot of common sense power of observation.

In DB2, you do a binary dump of one of the database files. It's there, unencrypted within the first 100 bytes or so of the file. Use the "strings" and "more Unix commands and you're done. In Oracle you do a search in the usual "crontab" directories, looking for DBA scripts to do things like exports and other maintenance. 9 times out of 10 they are readable by public and with a hard-coded password somewhere in the script. Also, use "ps" from time to time. If the site has not guarded against it, you'll see the passwords in some command lines. Even if the site has replaced ps, you'll find that most likely there is a copy of the original "hidden" somewhere.

And so on.

> The DBAs that are afraid of granting permission to look at v$ views
> are more likely Windows, not UNIX, Oracle DBAs. I feel that people
> working in the UNIX world are more willing to open up. That's my
> impression. No proof.

Same here. Again, gut feel.

Cheers
Nuno Souto Received on Sun Jun 16 2002 - 19:19:03 CDT