RE: Litchfield on October patch
- From: JayMiller@xxxxxxxxxxxxxxxx
- To: oracle-l@xxxxxxxxxxxxx
- Date: Fri, 28 Oct 2005 17:24:59 -0400
Unfortunately as of 10.2 Oracle does not provide syntax for database
creation (most of it is the same but I always worry about new features).
All I found on Metalink were the instructions that if you *really* don't
want to use DBCA then use DBCA to generate the scripts and run them
yourself.
I did so and did a fair amount of modifying but I'm still a bit p***ed off
about it.
Jay Miller
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
Sent: Thursday, October 20, 2005 10:54 AM
To: Rich.Jesse@xxxxxxxxxxxxxxxxx; bdbafh@xxxxxxxxx; stellr@xxxxxxxxxx
Cc: oracle-l
Subject: RE: Litchfield on October patch
Exactly. DBCA is a beast that should be put to sleep. It cruds the
database up with stuff that you don't need, and that Oracle wants to
charge you for. We never use it.
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Jesse, Rich
Sent: Thursday, October 20, 2005 10:49 AM
To: bdbafh@xxxxxxxxx; stellr@xxxxxxxxxx
Cc: oracle-l
Subject: RE: Litchfield on October patch
Better yet, just don't use the dbca.
Rich
"E-vil. Like the fru-its of the dev-il, E-vil."
-- Charley Mackenzie, So I Married An Axe Murderer
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Paul Drake
Sent: Wednesday, October 19, 2005 6:09 PM
To: stellr@xxxxxxxxxx
Cc: oracle-l
Subject: Re: Litchfield on October patch
On 10/19/05, Ray Stell <stellr@xxxxxxxxxx> wrote:
> from bugtraq:
>
> Having downloaded and given the Oracle October patch a cursory
examination,
> some of the flaws Oracle told me were being fixed, remain exploitable.
Once
> again the patch is not sufficient. I will conduct a full investigation
of
> the patch over the coming few days and post some recommendations once
> complete. Incidently, it's good to see that the NGS Disclosure policy
of not
> publicly releasing details of the flaws "fixed" seems to work as a
useful
> fail safe mechanism.
>
> More to follow...
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> ======================================================================
> Ray Stell stellr@xxxxxx (540) 231-4109 Tempus fugit 28^D
> --
> //www.freelists.org/webpage/oracle-l
This one will knock out vulnerabilities DB [17-25]:
Steps for Manual De-installation of Oracle Spatial
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_d
atabase_id=NOT&p_id=179472.1
Basically, the schema mdsys is created by default in a dbca db, even
if the spatial option is not being installed. In theory, the
following:
SQL> drop user spatial cascade;
should do the trick.
The referenced doc was for 9i and not apparently updated for 10g.
As always, test on a destructo box first.
Paul
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
-----------------------------------------
This message is confidential and sent by TD Waterhouse solely for use
by the intended recipient. If you are not the intended recipient, you
are hereby notified that any use, distribution or copying of this
communication is strictly prohibited. This should not be deemed as an
offer or solicitation, to buy or sell any product. Any 3rd party
information contained herein was prepared by sources deemed reliable,
but is not guaranteed. TD Waterhouse does not accept electronic
instructions that would require an original signature. Information
received by or sent from TD Waterhouse is stored, subject to review,
and may be produced to regulatory authorities or others with a legal
right to such.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
