Re: Oracle Configuration Manager
- From: Nuno Souto <dbvision@xxxxxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Sat, 17 Sep 2011 20:06:28 +1000
MacGregor, Ian A. wrote,on my timestamp of 16/09/2011 5:48 AM:
> Every time I open an SR, the idea of using OCM very much
> appeals to me. Especially the ability for Oracle to perform health
> checks and recommend patches. However according to the documentation
> the encryption of the data is based PKCS with a 128-bit key.
> IF this is true, then why bother encrypting at all? Also the information
> collected includes such things as the database users and other such
> information which could cause a world of hurt, should it fall in the
> wrong hands.
Like for example, the MAC address of all network cards in your system.
Exactly the kind of information any hacker would love to have to penetrate
one's
firewall and other net-based security.
Why on Earth is this not disabled by default is beyond me - what possible
purpose would Oracle need that info inthe first place other than some demented,
ignorant developer leaving it on "just because"?
The main reason why in a pig's arse OCM will EVER be installed in any system I
manage...
--
Cheers
Nuno Souto
in sunny Sydney, Australia
dbvision@xxxxxxxxxxxx
--
//www.freelists.org/webpage/oracle-l
Other related posts:
