there's also the ALL POWERFUL
scott/tiger account to consider!
-Original Message-
Sent: Wednesday, July 18, 2001 11:07 AM
To: Multiple recipients of list ORACLE-L
Although there has been so much publicity of security holes in Oracle,
in
particular the listener, the one hole that
Are you joking ?
--- [EMAIL PROTECTED] a écrit : Although there
has been so much publicity of
security holes in Oracle, in
particular the listener, the one hole that really
causes me concern is the
default passwords for sys and system and/or using
the username as a password.
Over
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing passwords around is on my todo list, but it's
often not as simple as just changing it. There may be
other ramifications, like it's a FailSafe database for
instance.
Or a 3rd
: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Are you joking ?
--- [EMAIL PROTECTED] a écrit : Although there
has been so much publicity of
security holes in Oracle, in
particular the listener, the one hole that really
causes me concern is the
default
JS,
I think DG did this and mail got
crossed.
HTH,
RM
-Original Message-
Sent: Wednesday, July 18, 2001 11:51 AM
To: Multiple recipients of list ORACLE-L
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing
-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: Re: Re[2]: security problem with 8i
Date: Wed, 18 Jul 2001 07:25:48 -0800
Are you joking ?
--- [EMAIL PROTECTED] a écrit : Although there
has been so much publicity of
security holes in Oracle
Oh yeah! I've got one even better! When I joined a previous company, their
*Web-accessible* application's administration username/password was
admin/admin! Their production Oracle DB - accessed via the admin/admin
protected app - had system/manager and mps/mps (mps stands for Main
Production
Not at all. Just last week I had a vendor who came in to install a
package. They were very upset because SYS didn't have the standard
password and their install script wouldn't work.
I questioned their use of the SYS schema for the installation but powers
wiser than me had me change the SYS
My old job had never changed any of the default passwords. And the reason
why standard passwords are kept is because it is 'easy to remember'. Go
figure...
-Original Message-
Sent: Wednesday, July 18, 2001 1:48 PM
To: Multiple recipients of list ORACLE-L
Not at all. Just last week I