Howard, Now I don't know about British law and I'm no attorney so take it with a truck load of salt, but US law does make a distinction between malicious and non-malicious hacking. Meaning that it's illegal to hack a system to gain improper access but OK if it's has a proper business purpose. In the case here I believe it would be looked upon as OK since it's an internal person trying to do their specified job that's doing the hacking because they have no recourse. Dick Goulet Senior Oracle DBA/NA Team Lead PAREXEL International ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Howard Latham Sent: Wednesday, March 24, 2010 7:53 AM To: david.robillard@xxxxxxxxx Cc: robertgfreeman@xxxxxxxxx; oracle-l Subject: Re: password Are the members here vetted in anyway? In the UK you can be prosecuted for Aiding a Hacker- And the email here is good for evidence. So lets be careful out there guys. Hey Ive got this great way to crack an Oracle password ......... On 24 March 2010 06:53, David Robillard <david.robillard@xxxxxxxxx> wrote: > In fact, a well done presentation that demonstrates the vulnerability of > an existing database using publicly available hacking tools is often > very eye opening to management types if you are trying to secure a > database and such management types are hesitant to spend the time/money. Hi Robert, Could you please share some URLs to such presentations? Many thanks, David -- David Robillard UNIX team leader & Oracle DBA CISSP, RHCE, SCSA & SCSECA Notarius -- //www.freelists.org/webpage/oracle-l -- Howard A. Latham