Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle 9i on Windows 2003 -- Vulnerability Question

Re: Oracle 9i on Windows 2003 -- Vulnerability Question

From: Jared Still <jkstill_at_gmail.com>
Date: Thu, 30 Nov 2006 15:38:35 -0800
Message-ID: <bf46380611301538j1de90db5j2e4cfcb57ac231b7@mail.gmail.com> 





On 11/30/06, Panosian, Estifan <EPanosian_at_edc.ca> wrote:


>

> Hello,

>

> I am trying to make our database more secure, one of the scenarios we

> came up is:

> 'what if an internal hacker (somehow) gets to our database server?'

>




If an intruder gets to you database server, the game is pretty much over
isn't it?



Aside from encrypting the data so that is not accessible by simple
SELECT statements (Oracle Advanced Securityt, Data Vault) the
intruder pretty much has free reign.



Or perhaps you're just referring to the Oracle Instance itself as
the server?  In that case, if your database has not been patched
to the Oct 2006 CPU level, then any account with a SELECT privilege
on a table will have the ability to perform DML on your data. If your
version of Oracle is an old one that is no longer patched, there's
not much you can do to prevent this.


-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l


Received on Thu Nov 30 2006 - 17:38:35 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US