Three Tier Oracle Security in London ~ Paul M. Wright

(nix, oracle, java, www, cloud ) intersect (safety, security, reliability, integrity)

Three Tier Oracle Security in London ~ Paul M. Wright RSS Feed
 

Archive for December, 2007

Oracle Forensics Book ~ Now Available

About time too! Copies available through Rampant Techpress. Author’s copies in the UK can be made available to reviewers by contacting reviewcopy@oracleforensics.com. Cheers and Merry Christmas 2007

SYSDBA Backdoor without direct OS access

First half of SYSDBA BACKDOOR paper is easily done without OS access ————————————————————————– Attacker brute forces a SYSDBA user and wishes to create a user that is hidden from SYS.USER$. 1. CREATE USER 2. GRANT SYSDBA TO USER 3. Rename password file via UTL_FILE.RENAME (requires CREATE DIRECTORY). 4. DROP USER via the DB to lose [...]