RE: Security audit of Oracle databases
Oracle's security problems are often not database related. A default 9.2 install will install an HTTP listener and an ftp service. Both of these are prime targets for attackers and both have had exploits written against them. These problems were addressed in a patchset, but it is quite possible different holes will be found in them.
Oracle's desire to be much more than a database, to make things easier to accomplish, means the DBA has to understand much more than the database.
Oracle's willingness to allow potential customers to download the product and take it for a test spin is great. Suppose, however, someone installs Oracle on his desktop. The installation will not be maintained, it will not be patched. The possibility for compromise is significant. The person only wanted to learn Oracle and discovers someone has taken over his machine.
Ian MacGregor
Stanford Linear Accelerator Center
ian_at_slac.stanford.edu
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Jared Still
Sent: Tuesday, April 12, 2005 8:01 AM
To: niall.litchfield_at_gmail.com
Cc: stephenbooth.uk_at_gmail.com; wisernet100_at_gmail.com; oracle-l_at_freelists.org
Subject: Re: Security audit of Oracle databases
On 4/12/05, Niall Litchfield <niall.litchfield_at_gmail.com> wrote:
>
> On windows of course you can always run any executable under different
> credentials, if you are an administrator, but then to be blunt it makes
> sense for dbas to be admins on windows boxes anyway.
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
-- http://www.freelists.org/webpage/oracle-l
Received on Tue Apr 12 2005 - 13:39:34 CDT