Thanks everybody. Estifan Panosian -----Original Message----- From: Niall Litchfield [mailto:niall.litchfield@xxxxxxxxx] Sent: Friday, December 01, 2006 4:51 AM To: Panosian, Estifan Cc: Oracle-L Freelists Subject: Re: Oracle 9i on Windows 2003 -- Vulnerability Question On 11/30/06, Panosian, Estifan <EPanosian@xxxxxx> wrote: > Hello, > > I am trying to make our database more secure, one of the scenarios we > came up is: > 'what if an internal hacker (somehow) gets to our database server?' > 1) what kind of damages he/she could cause, and > 2) what we need to do to protect our databases? > 3) Could hacker be able to browse data? > > Any article in this regard? > > OS is Windows 2003, Oracle is 9.2.0.7. > The hacker has admin rights on the server. If you mean physically or remotely (for example using some desktop remoting software such as vnc|remote desktop|citrix) then it will - in almost all circumstances - be trivial to carry out any malicious action that you can think of. The physical analogy would be if a burglar can enter you house and has access to your keys/safe codes etc what damage could they do? cheers -- Niall Litchfield Oracle DBA http://www.orawin.info -- //www.freelists.org/webpage/oracle-l