Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: 65 Oracle security papers, articles and presentations

Re: 65 Oracle security papers, articles and presentations

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Tue, 08 Apr 2003 13:55:02 -0800
Message-ID: <F001.0057D63C.20030408135502@fatcity.com>


Hi Boris

I haven't tried it yet in 9i, I will have a go when i get chance and check what you say. I guess there wouldn't be a "cure", as to get the password you would need to read the memory directly and that probably wouldn't be possible as a normal user unless they can see x$ tables, not easy.

cheers

Pete

In article <F001.0057D111.20030408110857_at_fatcity.com>, Boris Dali <boris_dali_at_yahoo.ca> writes
>Pete,
>
>Thanks, the collection is very useful.
>
>Does the trick of dumping the library cache, level 10
>and hunting for open text passwords still work in 9i?
>I thought they fixed it, so it would look like the
>following:
>
>...
>BUCKET 114176:
> LIBRARY OBJECT HANDLE: handle=6f4bcf88
> name=alter user dummy identified by ***********
> hash=e7b3be00 timestamp=04-08-2003 13:48:11
>...
>
>Any "cure" for this?
>
>Thanks,
>Boris Dali
>
>>
>> Pete Finnigan
>> <oracle_list_at_peterfinnigan.demon.co.uk>
>> Sent by: root_at_fatcity.com
>> 04/07/2003 10:43 AM
>> Please respond to ORACLE-L
>>
>>
>> To: Multiple recipients of list ORACLE-L
>> <ORACLE-L_at_fatcity.com>
>> cc:
>> Subject: 65 Oracle security papers,
>> articles and presentations
>>
>>
>> Hi Everyone
>>
>> For some time now I have been trying to update my
>> website to include
>> links to the many Oracle security white papers,
>> articles and
>> presentations and info that I have collected over
>> the last few years
>> whilst I have been researching into Oracle security.
>>
>>
>> I have now finally updated my site and added links
>> to some 65 Oracle
>> security papers, articles and presentations. If
>> anyone is interested in
>> Oracle security they are at
>> http://www.petefinnigan.com/orasec.htm or
>> you can go to http://www.petefinnigan.com and choose
>> "white papers" from
>> the pull down menus.
>>
>> If anyone has any links to other Oracle security
>> papers I have not yet
>> listed then I would be very grateful if you could
>> please email me at
>> pete_at_petefinnigan.com with the links.
>>
>> kind regards
>>
>> Pete
>> --
>> Pete Finnigan
>>
>> Email : pete_at_petefinnigan.com
>> Web site: http://www.petefinnigan.com
>>
>> Pete Finnigan is the author of the recently
>> published book about Oracle
>> security from the SANS Institute "Oracle security
>> Step-by-step (A
>> survival
>> guide for Oracle security)" - see
>> http://store.sans.org for details.
>>
>> Pete is the founder of PeteFinnigan.com Limited a UK
>> based company
>> specialising
>> in Oracle security audits and services. Email
>> info_at_petefinnigan.com for
>> details
>> and availability.
>>
>> Some recently published articles include:
>>
>> http://online.securityfocus.com/infocus/1644 - "SQL
>> injection and Oracle - part
>> one"
>>
>> http://online.securityfocus.com/infocus/1646 - "SQL
>> injection and Oracle - part
>> two"
>>
>> --
>> Please see the official ORACLE-L FAQ:
>> http://www.orafaq.net
>> --
>> Author: Pete Finnigan
>> INET: oracle_list_at_peterfinnigan.demon.co.uk
>>
>> Fat City Network Services -- 858-538-5051
>> http://www.fatcity.com
>> San Diego, California -- Mailing list and web
>> hosting services
>>
>---------------------------------------------------------------------
>> To REMOVE yourself from this mailing list, send an
>> E-Mail message
>> to: ListGuru_at_fatcity.com (note EXACT spelling of
>> 'ListGuru') and in
>> the message BODY, include a line containing: UNSUB
>> ORACLE-L
>> (or the name of mailing list you want to be removed
>> from). You may
>> also send the HELP command for other information
>> (like subscribing).
>>
>>
>>
>>
>> --
>> Please see the official ORACLE-L FAQ:
>> http://www.orafaq.net
>> --
>> Author:
>> INET: Jared.Still_at_radisys.com
>>
>> Fat City Network Services -- 858-538-5051
>> http://www.fatcity.com
>> San Diego, California -- Mailing list and web
>> hosting services
>>
>---------------------------------------------------------------------
>> To REMOVE yourself from this mailing list, send an
>> E-Mail message
>> to: ListGuru_at_fatcity.com (note EXACT spelling of
>> 'ListGuru') and in
>> the message BODY, include a line containing: UNSUB
>> ORACLE-L
>> (or the name of mailing list you want to be removed
>> from). You may
>> also send the HELP command for other information
>> (like subscribing).
>>
>
>______________________________________________________________________
>Post your free ad now! http://personals.yahoo.ca
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.net

-- 
Pete Finnigan
Managing Director
PeteFinnigan.com Limited

Email : pete_at_petefinnigan.com

Web site: http://www.petefinnigan.com

Pete is the founder of PeteFinnigan.com Limited a UK based company specialising 
in Oracle security audits and services. Email info_at_petefinnigan.com for details 
and availability.

Pete Finnigan is the  author of the recently published book about Oracle 
security from the SANS  Institute "Oracle security Step-by-step (A survival 
guide for Oracle security)" - see http://store.sans.org for details.

Some recently published articles include:

http://online.securityfocus.com/infocus/1644 - "SQL injection and Oracle - part 
one"

http://online.securityfocus.com/infocus/1646 - "SQL injection and Oracle - part 
two"

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Pete Finnigan
  INET: oracle_list_at_peterfinnigan.demon.co.uk

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Apr 08 2003 - 16:55:02 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US