Re: password

  • From: Robert Freeman <robertgfreeman@xxxxxxxxx>
  • To: howard.latham@xxxxxxxxx, RStorey@xxxxxxxxxxxxxxxxxx
  • Date: Tue, 23 Mar 2010 07:11:20 -0700 (PDT)

That was my first thought but the brutal truth is that there are plenty of 
brute force cracking tools out there. I think that DBAs need to understand the 
security risks that face them... we need to be honest and wide open about 
these. Then maybe we will stop using passwords like dude or secret and the like 
and consider some real security.

In fact, a well-done presentation that demonstrates the vulnerability of an 
existing database using publicly available hacking tools is often very 
eye-opening to management types if you are trying to secure a database and such 
management types are hesitant to spend the time/money.

RF


 Robert G. Freeman
Master Principal Consultant, Oracle Corporation
Oracle ACE
Author:
Oracle Database 11g RMAN Backup and Recovery (Oracle Press) - ON ITS WAY SOON!
OCP: Oracle Database 11g Administrator Certified Professional Study Guide 
(Sybex)
Oracle Database 11g New Features (Oracle Press)
Oracle Database 10g New Features (Oracle Press)
Other various titles
Blog: http://robertgfreeman.blogspot.com




________________________________
From: Howard Latham <howard.latham@xxxxxxxxx>
To: RStorey@xxxxxxxxxxxxxxxxxx
Cc: oracle-l-freelists <oracle-l@xxxxxxxxxxxxx>
Sent: Tue, March 23, 2010 6:19:26 AM
Subject: Re: password

Not wishing to cast any doubt upon anybody in this case; however, in similar 
circumstances, how can we be sure we are NOT helping someone HACK into a system?


On 23 March 2010 13:07, Storey, Robert (DCSO) <RStorey@xxxxxxxxxxxxxxxxxx> 
wrote:

>Do you know how it was encrypted? Is the front end using an
>encryption scheme or a vendor-supplied encryption tool?
>
>From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
>Behalf Of Zelli, Brian
>Sent: Tuesday, March 23, 2010 7:46 AM
>To: 'Holvoet, Jo'; oracle-l-freelists
>Subject: RE: password
>
>No, it is encrypted.
>
>ciao,
>Brian
>
>Brian J. Zelli, Ed.M.
>Sr. Database Administrator
>Enterprise Application/Systems Integration
>Information Technology - Roswell Park Cancer Institute
>phone: (716) 845-4460 email: brian.zelli@xxxxxxxxxxxxxxx
>
>________________________________
>
>From: Holvoet, Jo [mailto:jo.holvoet@xxxxxxxxxxxxx]
>Sent: Tuesday, March 23, 2010 8:42 AM
>To: Zelli, Brian; oracle-l-freelists
>Subject: RE: password
>
>If the apps use it, can’t you find it back on the app side? If not
>in the code, then in a config type file maybe?
>
>mvg / regards,
>Jo Holvoet
>
>________________________________
>
>From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
>Behalf Of Zelli, Brian
>Sent: Tuesday 23 March 2010 13:38
>To: oracle-l-freelists
>Subject: password
>
>I lost the password for a schema user that runs applications. I can't
>change it because it will crash the apps. How can I figure out what it
>was? Does anyone have a hack script that can reveal it?
>
>ciao,
>Brian
>
>This email message may contain legally privileged and/or confidential
>information. If you are not the intended recipient(s), or the employee or agent
>responsible for the delivery of this message to the intended recipient(s), you
>are hereby notified that any disclosure, copying, distribution, or use of this
>email message is prohibited. If you have received this message in error, please
>notify the sender immediately by e-mail and delete this email message from your
>computer. Thank you.


-- 
Howard A. Latham
