scott/tiger is also a default Oracle8i password I believe. Sean -----Original Message----- From: Jonathan (Listserv Account) [mailto:listsmurfat_private] Sent: Tuesday, July 03, 2001 1:24 AM To: PEN-TESTat_private Subject: RE: Oracle8i > We are in the process of putting out a complete list of Oracle security > alerts - check out our web site later this week. We have a discussion > board specifically for Oracle security. We are working on some tools > that could be useful to you. Let me know if you'd like to beta test. Count me in for betatesting. Hope I have enough room in a busy schedule when the time comes, but I am definitely interested. As far as Oracle security is concerned, a lot of installations still have the default 'sys/change_on_install' and 'system/manager' enabled because it's easier (...) if another DBA comes along and needs to work on the system. Another commonly used user/password config is 'app_owner/app_owner' where 'app' is the name of the application. The password is the same as the username (...) So far I don't like Oracle that much. It is a very complex, hard to audit piece of software. Because of that complexitity, it seems hard to patch as well. And the company behind it is not as fast responding and open as I would want it to be. Cya Jonathan ---------------------------------------------------------------------------- ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 09:10:17 PDT