Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Possible !!! Stolen Database

Status
Not open for further replies.
petersok

petersok

MIS
Jul 26, 1999
2
US
Hers's my scenario, resently the shares on one of our servers where a ORACLE databse resides for ALL of our company was wide open. (YIKES). We have already fixed this problem with the shares, but our CIO would like some sort of answer.<br>
<br>
Question; if someone stole the database (which I hope not), what, if any, information could be taken from it??<br>

 
Sort by date Sort by votes
It depends.<br>
<br>
Have you set a password on the 'internal' user?<br>
<br>
if not - pretty much all of it - sorry. You just have to be the right user (easy to arrange on your own machine) and you have full access.<br>
<br>
Having said that it doesn't really seem likely that anyone would steal a database - they're quite large things and take a while to copy around. Also - if the database is fairly active it's likely the copy would be corrupt and difficult to read.<br>
<br>
I can understand your CIO's concern but it would surprise me if your while database had been copied; it's more usual to find that people forge to change the passwords on the system and sys accounts which leave the whole thing somewhat exposed. Sounds to me as if your CIO just wants your head on a stick for a while (I would! &lt;grin&gt;) so that he can ave it about as a warning. Look contrite and keep your head down for a while.<br>
<br>
Mike<br>
---<br>
Mike_Lacey@Cargill.Com<br>

 
Upvote 0 Downvote
Actually, it could be VERY bad. If the ENTIRE database was copied, complete with all control files and init files it is easy to get around the internal password (by removing the orapwd file and changing one entry in the init.ora file), then someone with Oracle server software installed could restart the database on their machine, change the SYS and SYSTEM passwords through svrmgrl and have full access to all of your data. It would require a great deal of time to copy all of the database files, depending on the size, but once done the "cat's out of the bag". Lesson learned: a DBA's primary task is security. File it under "NEVER FORGET" and tell your boss the data is safe (well, now it is).
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aung Thurein Tun
  • Locked
  • Question
opera_mail.AuthenticateCredential error ORA-20001 in Oracle Database
Replies
0
Views
432
Aung Thurein Tun
Aung Thurein Tun
BJoy
  • Locked
  • Question
Bulk insert from C# into Oracle Database
Replies
4
Views
615
karluk
karluk
billo102
  • Locked
  • Question
stats collection on DG affects standby database
Replies
0
Views
305
billo102
billo102
tekpr00
  • Locked
  • Question
Database Capacity Trend
Replies
0
Views
200
tekpr00
tekpr00
marcq
  • Locked
  • Question
Restored database with RMAN in the state which I supposed will be different.
Replies
4
Views
296
marcq
marcq

Part and Inventory Search

Sponsor

Back
Top