RE: Oracle 9i on Windows 2003 -- Vulnerability Question

  • From: "Mercadante, Thomas F \(LABOR\)" <Thomas.Mercadante@xxxxxxxxxxxxxxxxx>
  • To: <mbroodbakker@xxxxxxxxx>, <EPanosian@xxxxxx>
  • Date: Fri, 1 Dec 2006 08:38:00 -0500

Even better.  They can reformat the disk.  That's put a dent in up time
statistics.


--------------------------------------------------------
This transmission may contain confidential, proprietary, or privileged 
information which is intended solely for use by the individual or entity to 
whom it is addressed.  If you are not the intended recipient, you are hereby 
notified that any disclosure, dissemination, copying or distribution of this 
transmission or its attachments is strictly prohibited.  In addition, 
unauthorized access to this transmission may violate federal or State law, 
including the Electronic Communications Privacy Act of 1985.  If you have 
received this transmission in error, please notify the sender immediately by 
return e-mail and delete the transmission and its attachments.


-----Original Message-----

From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Mario Broodbakker
Sent: Thursday, November 30, 2006 8:44 PM
To: EPanosian@xxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question

A user with admin rights can give him/herself dba priviliges. And so
connect as sysdba, and do anything he/she likes, whatever a sysdba can
do.

Mario

----- Original Message ----
From: "Panosian, Estifan" <EPanosian@xxxxxx>
To: Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>
Sent: Thursday, November 30, 2006 3:20:14 PM
Subject: Oracle 9i on Windows 2003 -- Vulnerability Question


Hello,

I am trying to make our database more secure, one of the scenarios we
came up is:
'what if an internal hacker (somehow) gets to our database server?'
1) what kind of damages he/she could cause, and 
2) what we need to do to protect our databases?
3) Could hacker be able to browse data?

Any article in this regard? 

OS is Windows 2003, Oracle is 9.2.0.7. 
The hacker has admin rights on the server.

Regards,
Estifan Panosian
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l


Other related posts: