Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: exec STATSPACK.SNAP renders ORA-03113

Re: exec STATSPACK.SNAP renders ORA-03113

From: Rick Denoire <100.17706_at_germanynet.de>
Date: Sat, 08 Nov 2003 00:49:23 +0100
Message-ID: <hhboqvgclbr0ratqpcard3pjk04460sf55@4ax.com> 





Pete Finnigan <plsql_at_petefinnigan.com> wrote:



>Hi Rick, 

>

>Have a look at my website http://www.petefinnigan.com/orasec.htm where

>there are many papers about Oracle and security, also the SANS book

>"Oracle security step-by-step - A survival guide to Oracle security", if

>you want some recommendations about securing an Oracle database. I also

>hope that you do not mean to expose the database directly to the

>Internet? and only mean exposing an interface to it. If you mean the

>former then definitely do not do it!




I think the team carrying out this project decided to develop a Web
based application using PHP as script language. Well, one of these PHP
files has the connection string to the DB...



They decided not to use Oracle's own user administration capabilities
but to use their own. I have seen a table called users with a column
"password". No obfuscation kit here. Nice.



Rick Denoire
Received on Fri Nov 07 2003 - 17:49:23 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US