This is the way my current employers shop was. After I started here as a
SQL Server DBA I was told they want me to become the Oracle DBA for a new
third party app they were getting. They already had two other apps using
Oracle. These other apps were up and running for a couple of years. Within
the first couple of months of learning Oracle I was able to access the other
Oracle databases with the standard SYS and SYSTEM logins. These were
systems that at the time, I did not have access to. Well the next day, I
told damagement and now I have three Oracle systems. :)
Dave
-----Original Message-----
Sent: Wednesday, July 18, 2001 11:13 AM
To: Multiple recipients of list ORACLE-L
I would doubt he's joking. I've had simular experiences....
transferred to another department within the same company. Get a call from
my old boss "our dba is out sick, we HAVE to have this done today, this is a
highly secured system you have to help and make the changes from this pc"
I go there, cannot log into the database with the username and password he
gives me. We call the dba (who was really sick), apologize and ask for the
username and password -- same as what I had. Still does not work. I stop,
think and say "let me try something"
and log in as system/manager
I do what they ask me to, then take my old boss aside and explain (gently)
that he has a security hole in his "highly secured" system that I could
drive a truck through.
>From: paquette stephane <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Re: Re[2]: security problem with 8i
>Date: Wed, 18 Jul 2001 07:25:48 -0800
>
>Are you joking ?
>
> --- [EMAIL PROTECTED] a écrit : > Although there
>has been so much publicity of
> > security "holes" in Oracle, in
> > particular the listener, the one hole that really
> > causes me concern is the
> > default passwords for sys and system and/or using
> > the username as a password.
> > Over the past 2 years I've been to a few sites, like
> > 4, at a friends request
> > and/or on an interview where the manager said "show
> > me" and each time I've been
> > able to log onto the DB with any of the following:
> >
> > sys/change_on_install
> > sys/sys
> > system/system
> > system/manager
> >
> > Now come on, this was an old V6 thing that we were
> > suppose to do, and we're
> > still not!!
> >
> > Dick Goulet
> >
> > ____________________Reply
> > Separator____________________
> > Author: Ray Stell <[EMAIL PROTECTED]>
> > Date: 7/18/2001 5:15 AM
> >
> > On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon
> > Walthour wrote:
> > > Listers:
> > >
> > > My client has asked me to look into this issue and
> > determine if they should
> > > be concerned about it or not. Since they don't
> > have any db's directly
> > > accessible from the Internet and since their LAN
> > is very secure anyway, I'm
> > > inclined to not apply any patches based on the
> > premise that if it isn't a
> > > necessary patch, don't apply it in fear of
> > breaking something else. What do
> > > you think?
> > > --
> >
> > two words, disgruntled employee
> >
>===============================================================
> > Ray Stell [EMAIL PROTECTED] (540) 231-4109
> > KE4TJC 28^D
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author: Ray Stell
> > INET: [EMAIL PROTECTED]
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
>--------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: [EMAIL PROTECTED] (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
> > --
> > Please see the official ORACLE-L FAQ:
> > http://www.orafaq.com
> > --
> > Author:
> > INET: [EMAIL PROTECTED]
> >
> > Fat City Network Services -- (858) 538-5051 FAX:
> > (858) 538-5051
> > San Diego, California -- Public Internet
> > access / Mailing Lists
> >
>--------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an
> > E-Mail message
> > to: [EMAIL PROTECTED] (note EXACT spelling of
> > 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB
> > ORACLE-L
> > (or the name of mailing list you want to be removed
> > from). You may
> > also send the HELP command for other information
> > (like subscribing).
>
>=====
>Stéphane Paquette
>DBA Oracle, consultant entrepôt de données
>Oracle DBA, datawarehouse consultant
>[EMAIL PROTECTED]
>
>___________________________________________________________
>Do You Yahoo!? -- Vos albums photos en ligne,
>Yahoo! Photos : http://fr.photos.yahoo.com
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: =?iso-8859-1?q?paquette=20stephane?=
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Farnsworth, Dave
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
