|
Penetration Testing
mailing list archives
RE: Oracle8i
From: "Jonathan (Listserv Account)" <listsmurf () ur nl>
Date: Tue, 3 Jul 2001 10:24:10 +0200
We are in the process of putting out a complete list of Oracle security
alerts - check out our web site later this week. We have a discussion
board specifically for Oracle security. We are working on some tools
that could be useful to you. Let me know if you'd like to beta test.
Count me in for betatesting. Hope I have enough room in a busy schedule when
the time comes, but I am definitely interested.
As far as Oracle security is concerned, a lot of installations still have
the default 'sys/change_on_install' and 'system/manager' enabled because
it's easier (...) if another DBA comes along and needs to work on the
system.
Another commonly used user/password config is 'app_owner/app_owner' where
'app' is the name of the application. The password is the same as the
username (...)
So far I don't like Oracle that much. It is a very complex, hard to audit
piece of software. Because of that complexitity, it seems hard to patch as
well. And the company behind it is not as fast responding and open as I
would want it to be.
Cya
Jonathan
--------------------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to
the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
- Oracle8i INA (V. Brahmanandam) (Jul 01)
- RE: Oracle8i Andrew van der Stock (Jul 02)
- RE: Oracle8i Aaron C. Newman (Jul 02)
- RE: Oracle8i Jonathan (Listserv Account) (Jul 03)
| 
Intro
