Oracle security issues that are easy to ignore

zhaozj  2021-02-16

Database security has always been a focus of attention. If the database of a business or institution is attacked, and that database holds very important data, as the databases of banks, communications providers and similar organizations do, the consequences are unimaginable. Oracle Database uses a variety of mechanisms to secure the database, such as passwords, roles and privileges. Oracle database administrators know that after a typical installation the three users SYS, SYSTEM and INTERNAL have default passwords, and that the first job after installation is to change those passwords to keep the database secure. However, many administrators overlook one security issue, which we discuss in detail here.

With a typical installation, in addition to the users described above, Oracle automatically creates a user named dbsnmp, which is responsible for running the Oracle Intelligent Agent. This user's default password is also "dbsnmp". If you forget to change it, anyone can access the database system through this user. Let's look at what privileges and roles this user has, and then analyze the damage it could do to the database system.

Start SQL*Plus, log in as this user, and run:

    SQL> select * from session_privs;

    CREATE SESSION
    ALTER SESSION
    UNLIMITED TABLESPACE
    CREATE TABLE
    CREATE CLUSTER
    CREATE SYNONYM
    CREATE PUBLIC SYNONYM
    CREATE VIEW
    CREATE SEQUENCE
    CREATE DATABASE LINK
    CREATE PROCEDURE
    CREATE TRIGGER
    ANALYZE ANY
    CREATE TYPE
    CREATE OPERATOR
    CREATE INDEXTYPE

As you can see, this user is not an administrative user like SYS or SYSTEM, yet it has two system-level privileges: UNLIMITED TABLESPACE and CREATE PUBLIC SYNONYM.

Seeing these two privileges, you should recognize that they are security risks, especially UNLIMITED TABLESPACE, which is one of the attack points of a database system. If you still think it does not matter that someone can log in to the database with this unchanged password, I have to remind you: this user holds the UNLIMITED TABLESPACE system privilege, so whoever logs in can write a small script that maliciously fills the system with garbage data until the database can no longer run, leading directly to its paralysis. Many database systems today are required to run 7x24. If the system is filled with garbage data, then by the time the database is recovered, irreparable loss has probably already been caused. To keep the Oracle database system secure, it is strongly recommended that the database administrator change this user's default password and not leave a "convenient door" open for unauthorized people.
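An audit and remediation pass for the dbsnmp account, as an added example that is not part of the original article. It assumes a DBA session in SQL*Plus; the password, the quota size and the USERS tablespace name are placeholders, and the DBA_USERS_WITH_DEFPWD view only exists on 11g and later releases.

```sql
-- Added example, not from the original article. Run as a DBA in SQL*Plus.

-- 1. Does the account exist, and is it open for logins?
SELECT username, account_status, default_tablespace
  FROM dba_users
 WHERE username = 'DBSNMP';

-- 2. System privileges granted directly to the account.
SELECT privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee = 'DBSNMP'
 ORDER BY privilege;

-- 3. Roles granted to the account (SESSION_PRIVS also shows privileges
--    inherited through these roles).
SELECT granted_role, default_role
  FROM dba_role_privs
 WHERE grantee = 'DBSNMP';

-- 4. Every account that can fill any tablespace without a quota.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'UNLIMITED TABLESPACE'
 ORDER BY grantee;

-- 5. On 11g and later only: accounts still using a known default password.
SELECT username
  FROM dba_users_with_defpwd
 ORDER BY username;

-- 6. Remediation. The Intelligent Agent logs in as this user, so the
--    credential stored in the agent's configuration must be updated to match.
--    Placeholder password: replace before running.
ALTER USER dbsnmp IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD";

-- Replace the unlimited privilege with an explicit quota.
-- Assumption: tablespace name USERS and the 10M size are placeholders.
REVOKE UNLIMITED TABLESPACE FROM dbsnmp;
ALTER USER dbsnmp QUOTA 10M ON users;

-- If the Intelligent Agent is not used at all, lock the account instead.
ALTER USER dbsnmp ACCOUNT LOCK;
```

Re-running query 2 and `select * from session_privs;` as dbsnmp afterwards confirms that UNLIMITED TABLESPACE is gone.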

When reposting, please credit the original address: https://www.9cbs.com/read-16012.html
