| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: strt<SID>.cmd security hole??
Dave,
What's the platform? NT?
Jared
"Farnsworth, Dave"
<DFarnsworth_at_Ashleyfurn To: Multiple recipients of list
ORACLE-L <ORACLE-L_at_fatcity.com>
iture.com> cc:
Sent by: Subject: strt<SID>.cmd security
hole??
root_at_fatcity.com
07/25/01 01:47 PM
Please respond to
ORACLE-L
I inherited an Oracle 7.3.4 database that nobody knew the internal password
for. So I was doing some research on metalink and came across an article
that mentioned the strt<SID>.cmd file would have the password. I was
amazed
to open up this file and see the unencrypted password for internal. I then
check my 8.0.5 database and the same thing. Then I checked my 8.1.7
database and it was not there. Did this gaping security hole disappear in
the 8i database? I sure hope so.
Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater
set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I don't know if this
has something to do with it.
Thanks,
Dave
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Farnsworth, Dave INET: DFarnsworth_at_Ashleyfurniture.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-LReceived on Wed Jul 25 2001 - 15:57:03 CDT
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
 |
 |