I think you mis-understood. The inclusion of hashed passwords per se is not
the problem. It's that his database is publicly accessible over the Internet
(and with some serious privilege issues, to boot.... it might, for example,
be time to change the default passwords for certain, er, crucial
accounts -and I'm not talking OUTLN!) and thus open to any degree of
compromise anyone might care to throw at it.
Regards
HJR
"Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote in message
news:7cvriusdmcnsn4gcltiu33sun2md2fhbt6_at_4ax.com...
> On Fri, 12 Jul 2002 06:53:49 +1000, "Howard J. Rogers"
> <dba_at_hjrdba.com> wrote:
>
> >It needs fixing as a matter of some urgency, that's for sure.
>
> Well, it has been there for ages hasn't it, all the way up from the
> Oracle 7 base release.
>
> Regards
>
>
> Sybrand Bakker, Senior Oracle DBA
>
> To reply remove -verwijderdit from my e-mail address
Received on Thu Jul 11 2002 - 17:04:13 CDT
