| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re[2]: security problem with 8i
Although there has been so much publicity of security "holes" in Oracle, in particular the listener, the one hole that really causes me concern is the default passwords for sys and system and/or using the username as a password. Over the past 2 years I've been to a few sites, like 4, at a friends request and/or on an interview where the manager said "show me" and each time I've been able to log onto the DB with any of the following:
sys/change_on_install
sys/sys
system/system
system/manager
Now come on, this was an old V6 thing that we were suppose to do, and we're still not!!
Dick Goulet
____________________Reply Separator____________________ Author: Ray Stell <stellr_at_stell.cns.vt.edu> Date: 7/18/2001 5:15 AM
On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon Walthour wrote:
> Listers:
>
> My client has asked me to look into this issue and determine if they should
> be concerned about it or not. Since they don't have any db's directly
> accessible from the Internet and since their LAN is very secure anyway, I'm
> inclined to not apply any patches based on the premise that if it isn't a
> necessary patch, don't apply it in fear of breaking something else. What do
> you think?
> --
two words, disgruntled employee
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ray Stell INET: stellr_at_stell.cns.vt.edu Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: dgoulet_at_vicr.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Jul 18 2001 - 08:57:49 CDT
 |
 |