OraFAQ Forum: Security » Resarch by title "securing oracl database from search engine attack"

Home » RDBMS Server » Security » Resarch by title "securing oracl database from search engine attack"

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

Resarch by title "securing oracl database from search engine attack" [message #465569]

Wed, 14 July 2010 18:01

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

Resarch by title "securing oracl database from search engine attack"

Report message to a moderator

Resarch by title "securing oracl database from search engine attack [message #465571 is a reply to message #465569]

Wed, 14 July 2010 18:03

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

hi guys,
i want us to help me in my point of seach
this research by title"securing oracle database from sarch engine attack"the idea was came from reading article by title "search engine used to attack database
it talk about the dangrous of search engine in finding data and obtaining url's for database engine an entering with default username/passwod ,trying to get data .
NOTE:really i reached to url for open collage that give master an phd remotly by this way
hen,

i searched alot and get more informayion about this topic ,

but want us to help me by their advices and suggestions about this point of research and what projct that can i do for ?

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465577 is a reply to message #465571]

Wed, 14 July 2010 21:00

BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal

Senior Member

user<=>browser<=>WebServer<=>ApplicationServer<=>DatabaseServer

above shows a typical 3 tier application.
In a well designed 3-tier application the database can not be "attacked" by any outside agent.
There is nothing extraordinary about a Search Engine sending requests to any web server as shown below

"Search Engine"<=>WebServer<=>ApplicationServer<=>DatabaseServer

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465683 is a reply to message #465577]

Thu, 15 July 2010 04:16

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

but im tried to search about /isqlplus and found link for isqlplus an entered by one default username/password ,
i did it my self

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465692 is a reply to message #465683]

Thu, 15 July 2010 05:14

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Can you explain in details what you are trying to achieve.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465694 is a reply to message #465692]

Thu, 15 July 2010 05:34

ramoradba
Messages: 2457
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...

Senior Member

http://www.itsec.gov.cn/docs/20090507153655125368.pdf

Is this above you are talking about?

sriram Smile

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465702 is a reply to message #465694]

Thu, 15 July 2010 06:26

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

exactly sriram ,
the idea was came fom this link , i tired to put this link but a problem occur

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465703 is a reply to message #465702]

Thu, 15 July 2010 06:30

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

i want us to suggest ideas for me that serve my search
i also faced the sql injections that mak malisous code to obtain data

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465704 is a reply to message #465702]

Thu, 15 July 2010 06:32

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

1/ You could at least post the title of the article.
2/ What is your question? No one should keep the default usernames/passwords? This is obvious!

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465714 is a reply to message #465704]

Thu, 15 July 2010 06:50

ramoradba
Messages: 2457
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...

Senior Member

And more over the document covers about the sensitive data, firewall and isql*plus.
NO one directly store the sensitive data such as credit card number,
they will encrypt those values with their own methodologies.
@ Michel the title of the article is "SEARCH ENGINES USED TO ATTACK THE DATABASES"

sriram Smile

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465718 is a reply to message #465704]

Thu, 15 July 2010 06:59

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

for sorry, i really entered to an open univrsal site that give degree for Bachelor's - masters and phd using dbsnmp/dbsnmp i know that this user have limited priviliges but i enterd and run procedures and codes written at this link
http://www.oracle.com/technology/pub/articles/project_lockdown/phase1.html --- Remove Default Passwords

show this pic -- after running this code in the above link i obtain all default username/passwrds

/forum/fa/8018/0/

Attachment: default2.gif
(Size: 16.78KB, Downloaded 3326 times)

[Updated on: Thu, 15 July 2010 07:27]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465735 is a reply to message #465718]

Thu, 15 July 2010 08:20

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

dbsnmp/dbsnmp i know that this user have limited priviliges

Wrong! It has powerful enough privilege to hurt the database.

Quote:

i really entered to an open univrsal site that give degree for Bachelor's

So its DBA should be fired.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465774 is a reply to message #465735]

Thu, 15 July 2010 09:55

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

welldn Michel,

Quote:

Wrong! It has powerful enough privilege to hurt the database

tell me about powerful enough privilege to hurt the database

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465776 is a reply to message #465774]

Thu, 15 July 2010 10:11

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Why? Do you want to hurt this site?
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.

Regards
Michel

[Updated on: Thu, 15 July 2010 10:12]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465782 is a reply to message #465776]

Thu, 15 July 2010 10:38

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

no but im surbrised when u say that user dbsnm can hurt database because just i can retrive some dictinory informatin and running create statment but cant do alter and so on
then if you know capablites of dbsnmp please tell me

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465784 is a reply to message #465782]

Thu, 15 July 2010 10:44

BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal

Senior Member

DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.

[Updated on: Thu, 15 July 2010 10:44]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465785 is a reply to message #465784]

Thu, 15 July 2010 10:47

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

BlackSwan wrote on Thu, 15 July 2010 10:44

DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.

3-times---------too much

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465792 is a reply to message #465785]

Thu, 15 July 2010 10:53

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

But maybe it is now sufficient for you to understand what I said?

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465800 is a reply to message #465792]

Thu, 15 July 2010 11:01

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

merci for your silly response
but i think that u more intelligent to speak with others

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465802 is a reply to message #465800]

Thu, 15 July 2010 11:05

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Could please try to write a correct english your sentence is incomprehensible (at least for me).

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465805 is a reply to message #465802]

Thu, 15 July 2010 11:16

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

then the problem is in your's for not understanding other people even if spelling is wrong Smile

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465810 is a reply to message #465805]

Thu, 15 July 2010 11:31

cookiemonster
Messages: 13966
Registered: September 2008
Location: Rainy Manchester

Senior Member

I didn't understand what you meant either and I suspect no one else will - so the problem is yours, especially if you want help from us.

Really though we don't like telling people how to hack databases on this site, just in case someone decides to use what we say to do exactly that.
So I suggest you just except the fact that that account has powerful privileges and should be locked down.

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465812 is a reply to message #465810]

Thu, 15 July 2010 11:41

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

very thanks for you
i dont want to hack but i read more about this account and asked more people about that they reply me that it have limited privillage i know really what can this account do
"This user has some powerful privileges, such as UNLIMITED TABLESPACE,SELECT ANY DICTIONARY (which allows the user to select from dynamic performance views and data dictionary views), and ANALYZE ANY DICTIONARY(which allows analyze of the system objects). Many intruders use this user and password for back-door entry into the database. Needless to say, this is a huge security hole.
"
then when Michel
say"powerful enough privilege to hurt the database"
i loved to know how this account can hurt by code(to put in my research )to learn not to hack

[Updated on: Thu, 15 July 2010 11:45]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465816 is a reply to message #465812]

Thu, 15 July 2010 11:47

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

You just have to know that with these privileges you can hurt the database.
It is not important you know or not how.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465817 is a reply to message #465816]

Thu, 15 July 2010 11:51

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

thanks michel
but really i want how?? to put in my research please

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465820 is a reply to message #465817]

Thu, 15 July 2010 11:55

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

1/ I will not post in a forum how to hurt a database
2/ YOU should not write anywhere how to do it

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465821 is a reply to message #465820]

Thu, 15 July 2010 11:59

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

u can send in private message not in forum

[Updated on: Thu, 15 July 2010 12:01]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465823 is a reply to message #465821]

Thu, 15 July 2010 12:06

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

I don't know you, how could I know if I can trust you?

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465825 is a reply to message #465823]

Thu, 15 July 2010 12:16

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

really you are a very Secretary person with good behaviour but really dont know me
but really in my discussion day if doctors asked me from where u know that this account can hurt database what can i reply(say to them michel tell me Smile

)
are you now know why i want to know how???

[Updated on: Thu, 15 July 2010 12:22]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465831 is a reply to message #465825]

Thu, 15 July 2010 12:57

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

The purpose of your paper is to show that you have acquired the skills and knowledge to have your degree not that someone on the web has them and give you the solution.
You have the privileges, you know that you can hurt, now show your skills and find how or leave it blank hoping they will not ask you how.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465833 is a reply to message #465831]

Thu, 15 July 2010 13:05

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

sure i searched and get more and more informatin that make database unsecure
after i finish my research i will send u to see and give your opinion

[Updated on: Thu, 15 July 2010 13:06]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465836 is a reply to message #465833]

Thu, 15 July 2010 13:11

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

I hope YOU (not "u") will write your paper in a better style than you write here and above all you will not use IM/SMS speak in it.

Do it here, too.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465840 is a reply to message #465833]

Thu, 15 July 2010 13:15

ramoradba
Messages: 2457
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...

Senior Member

Quote:

sure i searched and get more and more informatin that make database unsecured

Then keep the knowledge with you.
No one encourage you in this (how to hack,damage DESTROY the Database using search engines)

Quote:

The purpose of your paper is to show that you have acquired the skills and knowledge to have your degree not that someone on the web has them and give you the solution.
You have the privileges, you know that you can hurt, now show your skills and find how or leave it blank hoping they will not ask you how.

This answer you very clearly.

sriram

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465841 is a reply to message #465836]

Thu, 15 July 2010 13:17

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

sure,u cant learn me how to write
but learn your self first how to be gentel with other:)
i advice u to take course on the art of deal with others to imrove that bad bevaiour

[Updated on: Thu, 15 July 2010 13:24]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465842 is a reply to message #465841]

Thu, 15 July 2010 13:24

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

i advice u to take the deal art with other to imrove that bad bevaiour

Telling the truth is always a bad behaviour for those that don't want to hear it.

Regards
Michel

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465844 is a reply to message #465842]

Thu, 15 July 2010 13:27

samiaa
Messages: 23
Registered: August 2006
Location: egypt

Junior Member

any truth??????
i know one truth that really u have a bad behaviour in dealing with others

[Updated on: Thu, 15 July 2010 13:29]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465845 is a reply to message #465844]

Thu, 15 July 2010 13:31

ramoradba
Messages: 2457
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...

Senior Member

STOP IT !
AS you want the hacking information, That you already got it from your search capabilities.
So write you paper,get your degree(so called).
I lock this topic as the discussion goes in a wrongly manner.

sriram Smile

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465847 is a reply to message #465844]

Thu, 15 July 2010 13:37

Michel Cadot
Messages: 68757
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Before creating your next topic, Please read OraFAQ Forum Guide.

Regards
Michel

Report message to a moderator

Previous Topic:	Data Security During network
Next Topic:	Disconnect from oracle DB.

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon May 05 10:44:38 CDT 2025