I inherited an Oracle 7.3.4 database that nobody knew the internal password
for. So I was doing some research on metalink and came across an article
that mentioned the strt<SID>.cmd file would have the password. I was amazed
to open up this file and see the unencrypted password for internal. I then
check my 8.0.5 database and the same thing. Then I checked my 8.1.7
database and it was not there. Did this gaping security hole disappear in
the 8i database? I sure hope so.
Both the 7.3.4 and 8.0.5 have the remote_login_passwordfile init paramater
set to SHARED, whereas my 8.1.7 is set to EXCLUSIVE. I don't know if this
has something to do with it.
Thanks,
Dave
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Farnsworth, Dave
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).