Re: Security Questions

• From: Ray Stell <stellr@xxxxxxxxxx>
• To: oracle-l <oracle-l@xxxxxxxxxxxxx>
• Date: Tue, 24 Jan 2006 11:14:14 -0500

The sans folks seem to think that having a handle on the 
default role pws is a good idea, but I don't know what the 
vulnerability is, note it is sev 1:

http://www.sans.org/score/oraclechecklist.php

Action Description                        Severity Level O/S   Oracle    
Default 
                                          level                Version   Install
2.2.11 Audit known default role passwords 1        ALL         ALL      YES

The severity levels are set between 1 and 5 (1 indicating the highest level).


On Tue, Jan 24, 2006 at 10:25:04AM -0500, J. Dex wrote:
> 
> Does it matter if standard Oracle roles are NOT password protected?  Does 
> it only need to be non-standard roles that are password protected?
--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » Security Questions
• » Re: Security Questions
• » Re: Security Questions
• » Re: Security Questions
• » RE: Security Questions

1. Home
2. oracle-l
3. Archive
4. 01-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---