|
|
Posted by HansF on 11/03/05 20:28
On Thu, 03 Nov 2005 13:12:32 -0500, RollForward Wizard wrote:
> Exciting Oracle News
Sure is ...
>
> Oracle DB Worm Code Published
> http://www.eweek.com/article2/0,1895,1880682,00.asp?kc=ewnws110205dtx1k0000599
>
With very simple solutions: don't set up or unlock the default accounts
with default passwords; don't make utilities public that shouldn't be
public. Duh!
As written in the article "with hundreds of databases, there is a good
chance the DBA will miss a few". Any DBA who doesn't know how to write
scripts, that is.
<heavy sigh>
> Researcher: Oracle Passwords Crack in Mere Minutes
> http://www.eweek.com/article2/0,1895,1878883,00.asp
Shows to go ya - Oracle had the right idea when they introduced
Enterprise Authentication and password expiry and lockout.
Too bad people dont want to use them. We find organizations and
developers STILL insist on one userid for the entire app.
When Convenience overrides Security we will always find the same
joy [of viruses and worms] we experience in the world of Windows.
It's probably the biggest reason why Windows has a problem.
<heavier sigh>
Apologies for the cross-posted reply. Follow-up set to
comp.database.oracle.server
Further apologies for feeding the troll.
--
Hans Forbrich
Canada-wide Oracle training and consulting
mailto: Fuzzy.GreyBeard_at_gmail.com
*** Top posting guarantees I will not respond further ***
Navigation:
[Reply to this message]
|