Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 90GB table on Windows 2000
"kc" <kc_news2000_at_yahoo.com> wrote in message
news:a20fe1ab.0210121509.14a93df7_at_posting.google.com...
> Example problem #2 with Windows
>
> Try this SQL statement on Windows as scott/tiger or some other lowly
> user:
>
> host 'net user hacker hacker /add /active:yes /expires:never'
> host 'net localgroup Administrators hacker /add'
> host 'net share System=c:\winnt'
>
> Congratulations you just added an administrator called "hacker" to
> your server and shared out the system folder using the least
> privileged Oracle account!!
sorry forgot to take issue with this.
Um.. didn't you just add an administrator called hacker to the *workstation* from which you were running this SQL? That is certainly what you get if you run the commands you list at a command prompt you get when you issue the host command. Now I'll admit that if I allow unauthorised users access to my server operating system rather than the database then I am putting myself at risk. This doesn't seem to me to be a peculiarity of windows.
-- Niall Litchfield Oracle DBA Audit Commission UK ***************************************** Please include version and platform and SQL where applicable It makes life easier and increases the likelihood of a good answer ******************************************Received on Mon Oct 14 2002 - 04:43:52 CDT