My old job had never changed any of the default passwords. And the reason
why standard passwords are kept is because it is 'easy to remember'. Go
figure...
-Original Message-
Sent: Wednesday, July 18, 2001 1:48 PM
To: Multiple recipients of list ORACLE-L
Not at all. Just last week I h
In my book, it was a job.
Reply Separator
Author: [EMAIL PROTECTED]
Date: 7/18/2001 9:48 AM
Not at all. Just last week I had a vendor who came in to install a
package. They were very upset because SYS didn't have the "standard"
password and their i
Rachel Carmichael wrote:
>
> nah, I LIKED this boss :)
never had one of those.;-)
--
Bill "Shrek" Thater Certifiable ORACLE DBA
Telergy, Inc.[EMAIL PROTECTED]
~~
You gotta program like you don't need the money,
You gotta compile like yo
Not at all. Just last week I had a vendor who came in to install a
package. They were very upset because SYS didn't have the "standard"
password and their install script wouldn't work.
I questioned their use of the SYS schema for the installation but powers
wiser than me had me change the SYS p
nah, I LIKED this boss :)
>From: "Thater, William" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Re: security problem with 8i
>Date: Wed, 18 Jul 2001 09:02:52 -0800
>
>Rachel C
"Farnsworth, Dave" wrote:
>
> This is the way my current employers shop was. After I started here as a
> SQL Server DBA I was told they want me to become the Oracle DBA for a new
> third party app they were getting. They already had two other apps using
> Oracle. These other apps were up and r
;
> and log in as system/manager
>
> I do what they ask me to, then take my old boss aside and explain (gently)
> that he has a security hole in his "highly secured" system that I could
> drive a truck through.
>
> >From: paquette stephane <[EMAIL PROTECTED]>
Oh yeah! I've got one even better! When I joined a previous company, their
*Web-accessible* application's administration username/password was
admin/admin! Their production Oracle DB - accessed via the admin/admin
"protected" app - had system/manager and mps/mps (mps stands for Main
Production
t;From: paquette stephane <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Re: Re[2]: security problem with 8i
>Date: Wed, 18 Jul 2001 07:25:48 -0800
>
>Are you joking ?
>
> --- [EMAIL PROTEC
Rachel Carmichael wrote:
> and log in as system/manager
>
> I do what they ask me to, then take my old boss aside and explain (gently)
> that he has a security hole in his "highly secured" system that I could
> drive a truck through.
you, my dear goddess, are way to kind.;-)
--
Bill "Shrek" T
;From: paquette stephane <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
> >Subject: Re: Re[2]: security problem with 8i
> >Date: Wed, 18 Jul 2001 07:25:48 -0800
> >
> >Are you jok
JS,
I think DG did this and mail got
crossed.
HTH,
RM
-Original Message-
Sent: Wednesday, July 18, 2001 11:51 AM
To: Multiple recipients of list ORACLE-L
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing passwor
Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Re: Re[2]: security problem with 8i
>Date: Wed, 18 Jul 2001 07:25:48 -0800
>
>Are you joking ?
>
> --- [EMAIL PROTECTED] a écrit : > Although there
>has been so much publicity of
> > securit
I wish I was.
Reply Separator
Author: =?iso-8859-1?q?paquette=20stephane?= <[EMAIL PROTECTED]>
Date: 7/18/2001 7:25 AM
Are you joking ?
--- [EMAIL PROTECTED] a écrit : > Although there
has been so much publicity of
> security "holes" in Oracle,
Ross,
You can get into all of my databases that way, including
the enterprise SAP database.
Wonderful huh?
Changing passwords around is on my todo list, but it's
often not as simple as just changing it. There may be
other ramifications, like it's a FailSafe database for
instance.
Or a 3rd pa
Are you joking ?
--- [EMAIL PROTECTED] a écrit : > Although there
has been so much publicity of
> security "holes" in Oracle, in
> particular the listener, the one hole that really
> causes me concern is the
> default passwords for sys and system and/or using
> the username as a password.
>
there's also the ALL POWERFUL
scott/tiger account to consider!
-Original Message-
Sent: Wednesday, July 18, 2001 11:07 AM
To: Multiple recipients of list ORACLE-L
Although there has been so much publicity of security "holes" in Oracle,
in
particular the listener, the one hole that r
Although there has been so much publicity of security "holes" in Oracle, in
particular the listener, the one hole that really causes me concern is the
default passwords for sys and system and/or using the username as a password.
Over the past 2 years I've been to a few sites, like 4, at a fri
, VPN,
etc.
then they need to keep this info and patch as part of their migration
plan.
Rodd
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 7/18/01, 6:45:57 AM, Jon Walthour
On Wed, Jul 18, 2001 at 03:45:57AM -0800, Jon Walthour wrote:
> Listers:
>
> My client has asked me to look into this issue and determine if they should
> be concerned about it or not. Since they don't have any db's directly
> accessible from the Internet and since their LAN is very secure anyway
Listers:
My client has asked me to look into this issue and determine if they should
be concerned about it or not. Since they don't have any db's directly
accessible from the Internet and since their LAN is very secure anyway, I'm
inclined to not apply any patches based on the premise that if it
Hi All,
i am not sure if this has already been posted or not, but..
--29 June 2001 Oracle8i Database Buffer Overflow Vulnerability
Security experts found and disclosed a pair of vulnerabilities in the
standard and enterprise editions of Oracle8i database. The Transport
Network Substrate (T
22 matches
Mail list logo