Re: Question about Archivemode

They can do as much damage as the rights of the account they login as. On a Unix box if they can get a login as root then they can format the drive and make life very difficult. On NT if they get an administrator account they can format the drive. In Oracle they can drop tables, tablespaces etc. You could recover from those if you have good backups. If you don't then you are SOL. I would worry about, as someone else pointed out, more subtle things like changing data - something that might not get noticed or not noticed for a long time. The system still works, but the contents are wrong.

Destroying the database may not be the worst thing. Consider an airline. What system would probably be most hurt by hacking - hurt so badly that customers might never fly the airline again. Not the reservation or payroll systems. The system that holds the flight numbers, and types of planes and weights, and cargo placement. Imagine someone said the plane was a 747 instead of a 757. Much different flight requirements. (cargo placement etc.)
Jim

"Ryan" <rgaffuri_at_cox.net> wrote in message news:i3oZ8.92813$%%2.3991029_at_news2.east.cox.net...
> if someone logs in as outln or dbsnmp for example...
>
> could they drop or delete one thing with one command to disable a database
> that is not in archivelog mode and is only doing nightly tape back ups?
>
>
>
> "Liggs" <liggs_at_hotmail.com> wrote in message
> news:ah529t$eq4$1_at_paris.btinternet.com...
> >
> > The worstest of the worse would be to introduce some subtle corruption
> into
> > the datafiles such that
> > the effect/detection was not immediate. Binary editing datafiles etc.
or
> > using some DBMS package
> > that could do it for you. So somewhere down the line
(days/weeks/months)
> > the database stops working.
> > As there would have been shedloads of commited business critical data
gone
> > in already, so repairing it
> > would be a nightmare as recovery would be pointless.
> > You would effectively 'lose' some data, but you would not know what.
> > Not sure what safeguards you could put on the database to detect it
sooner
> > (esp. if you were unaware of the
> > intrusion - if you do know someones done something recently then its
> > structural/full exports and dbverify time....).
> > Depends on how paranoid you are. Remember that if someone can log in as
> > 'oracle' at the O/S level they can
> > blatt the data files as usually the 'oracle' user owns them.
> >
> > Nasty horrible thoughts... ugh. make it stop.
> >
> > "Howard J. Rogers" <howardjr2000_at_yahoo.com.au> wrote in message
> > news:ah4vub$i8p$1_at_lust.ihug.co.nz...
> > >
> > > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > > news:TYmZ8.92772$%%2.3973511_at_news2.east.cox.net...
> > > > If Im a hacker and I log into someones DB, what is the quickest way
to
> > > make
> > > > it unuseable? Lets say you have an account with DBA access? I mean
the
> > > whole
> > > > database with many tablespaces? IS there one thing you can destroy?
> > > >
> > > > Im trying to convince some co-workers of how easy it would be.
> > > >
> > >
> > > Well, I'm not sure that this is entirely appropriate advice, so I'll
> > preface
> > > it by saying that it is practically impossible to destroy an Oracle
> > > database, unless you have an early and unpatched release of Oracle 9i
> (!).
> > >
> > > So if the only access to the system you've got is a DBA logon, then
you
> > > can't "destroy" the database. But you can make life hard for the DBA
by
> > > doing something as simple as dropping a tablespace. That's a nasty one
> to
> > > reccover from, because it involves restoring the controlfile, too. But
> > it's
> > > still recoverable, eventually.
> > >
> > > Dropping an important table would be a pain, too, and since it would
> > involve
> > > an incomplete recovery, that would definitely result in the loss of
some
> > > committed data. But again, that's not really "destroying" a database,
is
> > it?
> > >
> > > If you could log on with *SYS*DBA privileges, things are a bit
> different.
> > > Nothing to stop SYS doing a 'delete from obj$', for example. And since
> > that
> > > table stores details of every other object in the database, that's
> rather
> > > nasty. Again, recoverable with an incomplete recovery, provided you're
> in
> > > archivelog mode.
> > >
> > > If you're not in archivelog mode, then any and all of the above
> > suggestions
> > > would necessitate the restoration of your last cold backup, and
> > potentially
> > > large quantities of data would be lost. If you're in archivelog mode,
> any
> > > and all of the above can be recovered from with much less data loss.
> > >
> > > Of course, a true hacker would want O/S access, so as to be able to do
> any
> > > of the above, and then delete all prior backups and archives. Then
> you're
> > in
> > > trouble.
> > >
> > > But this isn't really saying anything more than 'if your security is
> > > non-existent, of course damage can be done'. With just routine DBA
> > > privileges, you can cause a great deal of inconvenience, and maybe
some
> > data
> > > loss, but you can't "destroy" a database.
> > >
> > > Regards
> > > HJR
> > >
> > >
> > >
> > > >
> > > > "Howard J. Rogers" <howardjr2000_at_yahoo.com.au> wrote in message
> > > > news:ah4r57$edm$1_at_lust.ihug.co.nz...
> > > > > You can't drop the system tablespace. Try it, and you'll get an
> error
> > > > > message to that effect:
> > > > >
> > > > > SQL> drop tablespace SYSTEM;
> > > > > drop tablespace SYSTEM
> > > > > *
> > > > > ERROR at line 1:
> > > > > ORA-01550: cannot drop system tablespace
> > > > >
> > > > > Regards
> > > > > HJR
> > > > >
> > > > >
> > > > > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > > > > news:a6lZ8.92703$%%2.3951072_at_news2.east.cox.net...
> > > > > > Also if you drop the system tablespace does it wait for any kind
> of
> > > > > instance
> > > > > > shut down or is it immediate? Im 99% sure its instant, but I
need
> to
> > > > prove
> > > > > > something to someone at work and I dont want to be wrong.
> > > > > >
> > > > > >
> > > > > > "Ryan" <rgaffuri_at_cox.net> wrote in message
> > > > > > news:R4lZ8.92701$%%2.3951689_at_news2.east.cox.net...
> > > > > > > Ok this is a really basic Backup and Recovery question.
> > > > > > >
> > > > > > > If someone drops the system tablespace, ie, an intruder.
> > > > > > >
> > > > > > > Is it possible to perform a backup from the redo logs in you
are
> > not
> > > > in
> > > > > > > archive mode or have any software like RMAN installed? Or do I
> > have
> > > to
> > > > > > > recover from my last cold backup?
> > > > > > >
> > > > > > > For those of you who saw an earlier post of mine... no this
did
> > not
> > > > > > happen.
> > > > > > > :)
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Received on Thu Jul 18 2002 - 21:36:53 CDT