Listers:
My client has asked me to look into this issue and determine if they should
be concerned about it or not. Since they don't have any db's directly
accessible from the Internet and since their LAN is very secure anyway, I'm
inclined to not apply any patches based on the premise that if it
On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon Walthour wrote:
Listers:
My client has asked me to look into this issue and determine if they should
be concerned about it or not. Since they don't have any db's directly
accessible from the Internet and since their LAN is very secure anyway,
,
etc.
then they need to keep this info and patch as part of their migration
plan.
Rodd
Original Message
On 7/18/01, 6:45:57 AM, Jon Walthour [EMAIL PROTECTED] wrote regarding Re:
security problem with 8i:
Listers:
My client has asked me to look into this issue and determine
Although there has been so much publicity of security holes in Oracle, in
particular the listener, the one hole that really causes me concern is the
default passwords for sys and system and/or using the username as a password.
Over the past 2 years I've been to a few sites, like 4, at a
there's also the ALL POWERFUL
scott/tiger account to consider!
-Original Message-
Sent: Wednesday, July 18, 2001 11:07 AM
To: Multiple recipients of list ORACLE-L
Although there has been so much publicity of security holes in Oracle,
in
particular the listener, the one hole that
Are you joking ?
--- [EMAIL PROTECTED] wrote: Although there
has been so much publicity of
security holes in Oracle, in
particular the listener, the one hole that really
causes me concern is the
default passwords for sys and system and/or using
the username as a password.
Over
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing passwords around is on my todo list, but it's
often not as simple as just changing it. There may be
other ramifications, like it's a FailSafe database for
instance.
Or a 3rd
I wish I was.
Reply Separator
Author: paquette stephane [EMAIL PROTECTED]
Date: 7/18/2001 7:25 AM
Are you joking ?
--- [EMAIL PROTECTED] wrote: Although there
has been so much publicity of
security holes in Oracle, in
: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Are you joking ?
--- [EMAIL PROTECTED] wrote: Although there
has been so much publicity of
security holes in Oracle, in
particular the listener, the one hole that really
causes me concern is the
default
JS,
I think DG did this and mail got
crossed.
HTH,
RM
-Original Message-
Sent: Wednesday, July 18, 2001 11:51 AM
To: Multiple recipients of list ORACLE-L
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing
]
Subject: Re: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Are you joking ?
--- [EMAIL PROTECTED] wrote: Although there
has been so much publicity of
security holes in Oracle, in
particular the listener, the one hole that really
causes me concern
Rachel Carmichael wrote:
and log in as system/manager
I do what they ask me to, then take my old boss aside and explain (gently)
that he has a security hole in his highly secured system that I could
drive a truck through.
you, my dear goddess, are way too kind.;-)
--
Bill Shrek Thater
-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: Re: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Are you joking ?
--- [EMAIL PROTECTED] wrote: Although there
has been so much publicity of
security holes in Oracle
Oh yeah! I've got one even better! When I joined a previous company, their
*Web-accessible* application's administration username/password was
admin/admin! Their production Oracle DB - accessed via the admin/admin
protected app - had system/manager and mps/mps (mps stands for Main
Production
a security hole in his highly secured system that I could
drive a truck through.
From: paquette stephane [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: Re: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Farnsworth, Dave wrote:
This is the way my current employer's shop was. After I started here as a
SQL Server DBA I was told they want me to become the Oracle DBA for a new
third party app they were getting. They already had two other apps using
Oracle. These other apps were up and running
nah, I LIKED this boss :)
From: Thater, William [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: Re: security problem with 8i
Date: Wed, 18 Jul 2001 09:02:52 -0800
Rachel Carmichael wrote:
and log in as system/manager
I do
Not at all. Just last week I had a vendor who came in to install a
package. They were very upset because SYS didn't have the standard
password and their install script wouldn't work.
I questioned their use of the SYS schema for the installation but powers
wiser than me had me change the SYS
Rachel Carmichael wrote:
nah, I LIKED this boss :)
never had one of those.;-)
--
Bill Shrek Thater Certifiable ORACLE DBA
Telergy, Inc.[EMAIL PROTECTED]
~~
You gotta program like you don't need the money,
You gotta compile like
In my book, it was a job.
Reply Separator
Author: [EMAIL PROTECTED]
Date: 7/18/2001 9:48 AM
Not at all. Just last week I had a vendor who came in to install a
package. They were very upset because SYS didn't have the standard
password and their
My old job had never changed any of the default passwords. And the reason
why standard passwords are kept is because it is 'easy to remember'. Go
figure...
-Original Message-
Sent: Wednesday, July 18, 2001 1:48 PM
To: Multiple recipients of list ORACLE-L
Not at all. Just last week I
Hi All,
I am not sure if this has already been posted or not, but...
--29 June 2001 Oracle8i Database Buffer Overflow Vulnerability
Security experts found and disclosed a pair of vulnerabilities in the
standard and enterprise editions of Oracle8i database. The Transport
Network Substrate