| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: strt<SID>.cmd security hole??
Look under SYS$ORACLE:[ORACLE.HOME]
> -----Original Message-----
> From: blair_at_pjm.com [mailto:blair_at_pjm.com]
> Sent: Wednesday, July 25, 2001 5:07 PM
> To: Multiple recipients of list ORACLE-L
> Subject: RE: strt<SID>.cmd security hole??
>
>
> Where is the strt<SID>.cmd file? I don;t see it anywhere
> under $ORACLE_HOME.
>
>
>
> > -----Original Message-----
> > From: Farnsworth, Dave [SMTP:DFarnsworth_at_Ashleyfurniture.com]
> > Sent: Wednesday, July 25, 2001 4:47 PM
> > To: Multiple recipients of list ORACLE-L
> > Subject: strt<SID>.cmd security hole??
> >
> > I inherited an Oracle 7.3.4 database that nobody knew the
> internal password
> > for. So I was doing some research on metalink and came
> across an article
> > that mentioned the strt<SID>.cmd file would have the
> password. I was amazed
> > to open up this file and see the unencrypted password for
> internal. I then
> > check my 8.0.5 database and the same thing. Then I checked my 8.1.7
> > database and it was not there. Did this gaping security
> hole disappear in
> > the 8i database? I sure hope so.
> > Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile
> init paramater
> > set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I
> don't know if this
> > has something to do with it.
> >
> > Thanks,
> >
> > Dave
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: Farnsworth, Dave
> > INET: DFarnsworth_at_Ashleyfurniture.com
> >
> > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> > San Diego, California -- Public Internet access /
> Mailing Lists
> > --------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author:
> INET: blair_at_pjm.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Gogala, Mladen INET: MGogala_at_oxhp.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Jul 25 2001 - 15:52:46 CDT
 |
 |