| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Question about Archivemode
if someone logs in as outln or dbsnmp for example...
could they drop or delete one thing with one command to disable a database that is not in archivelog mode and is only doing nightly tape back ups?
"Liggs" <liggs_at_hotmail.com> wrote in message
news:ah529t$eq4$1_at_paris.btinternet.com...
>
> The worstest of the worse would be to introduce some subtle corruption
into
> the datafiles such that
> the effect/detection was not immediate. Binary editing datafiles etc. or
> using some DBMS package
> that could do it for you. So somewhere down the line (days/weeks/months)
> the database stops working.
> As there would have been shedloads of commited business critical data gone
> in already, so repairing it
> would be a nightmare as recovery would be pointless.
> You would effectively 'lose' some data, but you would not know what.
> Not sure what safeguards you could put on the database to detect it sooner
> (esp. if you were unaware of the
> intrusion - if you do know someones done something recently then its
> structural/full exports and dbverify time....).
> Depends on how paranoid you are. Remember that if someone can log in as
> 'oracle' at the O/S level they can
> blatt the data files as usually the 'oracle' user owns them.
>
> Nasty horrible thoughts... ugh. make it stop.
>
> "Howard J. Rogers" <howardjr2000_at_yahoo.com.au> wrote in message
> news:ah4vub$i8p$1_at_lust.ihug.co.nz...
> >
> > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > news:TYmZ8.92772$%%2.3973511_at_news2.east.cox.net...
> > > If Im a hacker and I log into someones DB, what is the quickest way to
> > make
> > > it unuseable? Lets say you have an account with DBA access? I mean the
> > whole
> > > database with many tablespaces? IS there one thing you can destroy?
> > >
> > > Im trying to convince some co-workers of how easy it would be.
> > >
> >
> > Well, I'm not sure that this is entirely appropriate advice, so I'll
> preface
> > it by saying that it is practically impossible to destroy an Oracle
> > database, unless you have an early and unpatched release of Oracle 9i
(!).
> >
> > So if the only access to the system you've got is a DBA logon, then you
> > can't "destroy" the database. But you can make life hard for the DBA by
> > doing something as simple as dropping a tablespace. That's a nasty one
to
> > reccover from, because it involves restoring the controlfile, too. But
> it's
> > still recoverable, eventually.
> >
> > Dropping an important table would be a pain, too, and since it would
> involve
> > an incomplete recovery, that would definitely result in the loss of some
> > committed data. But again, that's not really "destroying" a database, is
> it?
> >
> > If you could log on with *SYS*DBA privileges, things are a bit
different.
> > Nothing to stop SYS doing a 'delete from obj$', for example. And since
> that
> > table stores details of every other object in the database, that's
rather
> > nasty. Again, recoverable with an incomplete recovery, provided you're
in
> > archivelog mode.
> >
> > If you're not in archivelog mode, then any and all of the above
> suggestions
> > would necessitate the restoration of your last cold backup, and
> potentially
> > large quantities of data would be lost. If you're in archivelog mode,
any
> > and all of the above can be recovered from with much less data loss.
> >
> > Of course, a true hacker would want O/S access, so as to be able to do
any
> > of the above, and then delete all prior backups and archives. Then
you're
> in
> > trouble.
> >
> > But this isn't really saying anything more than 'if your security is
> > non-existent, of course damage can be done'. With just routine DBA
> > privileges, you can cause a great deal of inconvenience, and maybe some
> data
> > loss, but you can't "destroy" a database.
> >
> > Regards
> > HJR
> >
> >
> >
> > >
> > > "Howard J. Rogers" <howardjr2000_at_yahoo.com.au> wrote in message
> > > news:ah4r57$edm$1_at_lust.ihug.co.nz...
> > > > You can't drop the system tablespace. Try it, and you'll get an
error
> > > > message to that effect:
> > > >
> > > > SQL> drop tablespace SYSTEM;
> > > > drop tablespace SYSTEM
> > > > *
> > > > ERROR at line 1:
> > > > ORA-01550: cannot drop system tablespace
> > > >
> > > > Regards
> > > > HJR
> > > >
> > > >
> > > > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > > > news:a6lZ8.92703$%%2.3951072_at_news2.east.cox.net...
> > > > > Also if you drop the system tablespace does it wait for any kind
of
> > > > instance
> > > > > shut down or is it immediate? Im 99% sure its instant, but I need
to
> > > prove
> > > > > something to someone at work and I dont want to be wrong.
> > > > >
> > > > >
> > > > > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > > > > news:R4lZ8.92701$%%2.3951689_at_news2.east.cox.net...
> > > > > > Ok this is a really basic Backup and Recovery question.
> > > > > >
> > > > > > If someone drops the system tablespace, ie, an intruder.
> > > > > >
> > > > > > Is it possible to perform a backup from the redo logs in you are
> not
> > > in
> > > > > > archive mode or have any software like RMAN installed? Or do I
> have
> > to
> > > > > > recover from my last cold backup?
> > > > > >
> > > > > > For those of you who saw an earlier post of mine... no this did
> not
> > > > > happen.
> > > > > > :)
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Received on Wed Jul 17 2002 - 19:35:26 CDT
 |
 |