一个容易忽视的Oracle数据安全问题-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

一个容易忽视的Oracle数据安全问题

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 04:20 PM

oracle Safety data question

数据库安全问题一直是人们关注的焦点之一，我们知道一个企业或者机构的数据库如果遭到黑客的攻击，而这些数据库又保存着非常重要的数据，象银行、通信等数据库，后果将不堪设想。Oracle数据库使用了多种手段来保证数据库的安全性，如密码，角色，权限等等。

　　作为Oracle的数据库管理员都知道，数据库系统典型安装后，一般sys和system以及internal这三个用户具有默认的口令，数据库安装成功后，系统管理员作的第一件工作就是修改这些用户的口令，保证数据库的安全性。然而，众多管理员往往忽视了其中的一个安全问题，下面我们就将详细讨论这个问题。

　　Oracle数据库系统如果采用典型安装后，除了创建前面介绍的几个用户外，另外还自动创建了一个叫做DBSNMP的用户，该用户负责运行Oracle系统的智能代理(Intelligent Agent)，该用户的缺省密码也是“DBSNMP”。如果忘记修改该用户的口令，任何人都可以通过该用户存取数据库系统。现在我们来看一下该用户具有哪些权限和角色，然后来分析一下该用户对数据库系统可能造成的损失。

　　启动SQL/PLUS程序，使用该用户登录进入：

　　SQL> select * from session_privs;

　　CREATE SESSION

　　ALTER SESSION

　　UNLIMITED TABLESPACE

　　CREATE TABLE

　　CREATE CLUSTER

　　CREATE SYNONYM

　　CREATE PUBLIC SYNONYM

　　CREATE VIEW

　　CREATE SEQUENCE

　　CREATE DATABASE LINK

　　CREATE PROCEDURE

　　CREATE TRIGGER

　　ANALYZE ANY

　　CREATE TYPE

　　CREATE OPERATOR

　　CREATE INDEXTYPE

　　可以看到该用户不是SYS或SYSTEM管理用户，然而，它却具有两个系统级权限：UNLIMITED TABLESPACE和CREATE PUBLIC SYNONYM。

　　看到这两个权限你应该马上想到，这些都是安全隐患，尤其是UNLIMITED TABLESPACE，，它是破坏数据库系统的攻击点之一。如果这时候你还依然认为，即使有人利用这个没有修改的口令登录进数据库也造成不了什么损失的话，我就不得不提醒你：该用户具有UNLIMITED TABLESPACE的系统权限，它可以写一个小的脚本，然后恶意将系统用垃圾数据填满，这样数据库系统也就无法运行，并将直接导致最终的瘫痪。目前很多数据库系统都要求7X24的工作，如果出现了系统用垃圾数据填满的情况，那么，等数据库系统恢复时，恐怕不可挽回的损失已经造成了。

　　为了保证Oracle数据库系统运行的绝对安全，强烈建议数据库管理员修改该用户的默认口令，不要为不怀好意的人留下“方便之门”。

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Two Point Museum: All Exhibits And Where To Find Them

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7378

Java Tutorial

1628

CakePHP Tutorial

1357

Laravel Tutorial

1267

PHP Tutorial

1216

Related knowledge

How much memory does oracle require? May 10, 2024 am 04:12 AM

The amount of memory required by Oracle depends on database size, activity level, and required performance level: for storing data buffers, index buffers, executing SQL statements, and managing the data dictionary cache. The exact amount is affected by database size, activity level, and required performance level. Best practices include setting the appropriate SGA size, sizing SGA components, using AMM, and monitoring memory usage.

Oracle database server hardware configuration requirements May 10, 2024 am 04:00 AM

Oracle database server hardware configuration requirements: Processor: multi-core, with a main frequency of at least 2.5 GHz. For large databases, 32 cores or more are recommended. Memory: At least 8GB for small databases, 16-64GB for medium sizes, up to 512GB or more for large databases or heavy workloads. Storage: SSD or NVMe disks, RAID arrays for redundancy and performance. Network: High-speed network (10GbE or higher), dedicated network card, low-latency network. Others: Stable power supply, redundant components, compatible operating system and software, heat dissipation and cooling system.

70B model generates 1,000 tokens in seconds, code rewriting surpasses GPT-4o, from the Cursor team, a code artifact invested by OpenAI Jun 13, 2024 pm 03:47 PM

70B model, 1000 tokens can be generated in seconds, which translates into nearly 4000 characters! The researchers fine-tuned Llama3 and introduced an acceleration algorithm. Compared with the native version, the speed is 13 times faster! Not only is it fast, its performance on code rewriting tasks even surpasses GPT-4o. This achievement comes from anysphere, the team behind the popular AI programming artifact Cursor, and OpenAI also participated in the investment. You must know that on Groq, a well-known fast inference acceleration framework, the inference speed of 70BLlama3 is only more than 300 tokens per second. With the speed of Cursor, it can be said that it achieves near-instant complete code file editing. Some people call it a good guy, if you put Curs

How much memory is needed to use oracle database May 10, 2024 am 03:42 AM

The amount of memory required for an Oracle database depends on the database size, workload type, and number of concurrent users. General recommendations: Small databases: 16-32 GB, Medium databases: 32-64 GB, Large databases: 64 GB or more. Other factors to consider include database version, memory optimization options, virtualization, and best practices (monitor memory usage, adjust allocations).

AI startups collectively switched jobs to OpenAI, and the security team regrouped after Ilya left! Jun 08, 2024 pm 01:00 PM

Last week, amid the internal wave of resignations and external criticism, OpenAI was plagued by internal and external troubles: - The infringement of the widow sister sparked global heated discussions - Employees signing "overlord clauses" were exposed one after another - Netizens listed Ultraman's "seven deadly sins" Rumors refuting: According to leaked information and documents obtained by Vox, OpenAI’s senior leadership, including Altman, was well aware of these equity recovery provisions and signed off on them. In addition, there is a serious and urgent issue facing OpenAI - AI safety. The recent departures of five security-related employees, including two of its most prominent employees, and the dissolution of the "Super Alignment" team have once again put OpenAI's security issues in the spotlight. Fortune magazine reported that OpenA

How should the Java framework security architecture design be balanced with business needs? Jun 04, 2024 pm 02:53 PM

Java framework design enables security by balancing security needs with business needs: identifying key business needs and prioritizing relevant security requirements. Develop flexible security strategies, respond to threats in layers, and make regular adjustments. Consider architectural flexibility, support business evolution, and abstract security functions. Prioritize efficiency and availability, optimize security measures, and improve visibility.

Security configuration and hardening of Struts 2 framework May 31, 2024 pm 10:53 PM

To protect your Struts2 application, you can use the following security configurations: Disable unused features Enable content type checking Validate input Enable security tokens Prevent CSRF attacks Use RBAC to restrict role-based access

Implementing Machine Learning Algorithms in C++: Security Considerations and Best Practices Jun 01, 2024 am 09:26 AM

When implementing machine learning algorithms in C++, security considerations are critical, including data privacy, model tampering, and input validation. Best practices include adopting secure libraries, minimizing permissions, using sandboxes, and continuous monitoring. The practical case demonstrates the use of the Botan library to encrypt and decrypt the CNN model to ensure safe training and prediction.

See all articles