Re: Security Questions

The sans folks seem to think that having a handle on the 
default role pws is a good idea, but I don't know what the 
vulnerability is, note it is sev 1:

http://www.sans.org/score/oraclechecklist.php

Action Description                        Severity Level O/S   Oracle    
Default 
                                          level                Version   Install
2.2.11 Audit known default role passwords 1        ALL         ALL      YES

The severity levels are set between 1 and 5 (1 indicating the highest level).


On Tue, Jan 24, 2006 at 10:25:04AM -0500, J. Dex wrote:
> 
> Does it matter if standard Oracle roles are NOT password protected?  Does 
> it only need to be non-standard roles that are password protected?
--
http://www.freelists.org/webpage/oracle-l


Other related posts: