Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Hacking An Oracle Session : Is It Possible?

Re: Hacking An Oracle Session : Is It Possible?

From: Aakash <daakash_at_yahoo.com>
Date: 14 May 2004 23:47:28 -0700
Message-ID: <83fd0b82.0405142247.3a1a3a24@posting.google.com>


Thanks for the response, i am asking this just to get an security perspective, a group of colleagues were disscussing about this when we came upto this point,
most of us were of the opinion that its not possible. hence i thot i wud put it up here to get views from all over.

the actual disscussion was like " if an sql*plus session is in progress, can anyone get into the active sql*plus session and play around with the transactions happening, without know the username/passwd being used by the session"

thanks again, any more view will be appreciated.

Hans Forbrich <forbrich_at_yahoo.net> wrote in message news:<6Dbpc.8769$j6.8739_at_edtnps84>...
> Aakash wrote:
>
> > hello everyone,
> >
> > after a client machine,say SQL*Plus, establishes a session with the
> > oracle database , is it possible to intrude into the established
> > session? i.e is it possible to get into the session layer of the
> > oracle session? is oracle vulnerable to such an hacking?
>
> Not if your network is protected.
>
> Very very difficult if your network is open and sniffable.
>
> You might want to look at http://www.petefinnigan.com for a gernreal
> discussion of Oracle security.
>
> /Hans
Received on Sat May 15 2004 - 01:47:28 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US