
Re: looking for upgrade time estimate

From: DA Morgan <damorgan_at_exesolutions.com>
Date: Wed, 05 Mar 2003 16:04:41 -0800
Message-ID: <3E669099.A031703D@exesolutions.com>


Tanel Poder wrote:

> Hi!
>
> > 9i disk requirements are not substantially higher than 8i if you go through,
> > after the installation, and prune out the gigabytes of help, doc, sample, demo,
> > template, and other unnecessary files. Effectively everything with .zip, .mov,
> > .avi, .gif, .html, .pdf can go. And if you look at the google.com archives a
> > year or so back you will find some decent lists of other larger files that can
> > go as well. Personally I see no reason to even keep most of what is in
> > \rdbms\admin on a server ... it is nothing but a security hole.
>
> Erm.. could you enlighten me, why keeping those files under rdbms/admin is a
> security hole?
> They are the same in every copy of a specific release, so it doesn't matter
> where do I get them from, server's disk or OTN. Or is there some threatening
> information written by Oracle Installer?
>
> Thanks,
> Tanel.

Go into any one of those scripts that will be run routinely and create your own procedure ... that when run does anything you wish from creating users, to roles, to procedures, to whatever. It is a technique known as SQL Injection. And I can think of many of those scripts that get run routinely by DBAs that never once look to see if they have been modified.

A few lines of code in utlxplan.sql, for example, and you are SYS.

Daniel Morgan

Received on Wed Mar 05 2003 - 18:04:41 CST
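
A check that follows from the exchange above, as an added example that is not part of the original posts: because the scripts are the same in every copy of a release, the server's rdbms/admin directory can be hashed and compared against a trusted copy before any script is run. The directory layout, file contents and function names below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(admin_dir):
    """Map each .sql file's relative path to its SHA-256 digest."""
    root = Path(admin_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.sql")) if p.is_file()
    }

def compare_manifests(trusted, live):
    """Return files that differ, are missing, or exist only on the server."""
    return {
        "modified": sorted(f for f in trusted if f in live and trusted[f] != live[f]),
        "missing": sorted(f for f in trusted if f not in live),
        "unexpected": sorted(f for f in live if f not in trusted),
    }

def demo():
    """Constructed sample: a trusted copy and a server copy that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, server = Path(tmp, "trusted"), Path(tmp, "server")
        for d in (trusted, server):
            d.mkdir()
            # Placeholder contents, not the real Oracle scripts.
            (d / "utlxplan.sql").write_text("-- constructed placeholder\n")
            (d / "catalog.sql").write_text("-- constructed placeholder\n")
        # Server copy: one script altered, one removed, one added.
        with open(server / "utlxplan.sql", "a") as fh:
            fh.write("-- line that is not in the trusted copy\n")
        (server / "catalog.sql").unlink()
        (server / "extra.sql").write_text("-- file not in the trusted copy\n")
        return compare_manifests(build_manifest(trusted), build_manifest(server))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

In practice the trusted manifest would be built once from installation media or a fresh download of the same release and stored off the server, so that someone who can write to rdbms/admin cannot also rewrite the baseline.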
