Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 20th, 2017, 1:44am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Express Security
(Moderator: Pete Finnigan)
   password for SYS and SYSTEM
« No topic | No topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: password for SYS and SYSTEM  (Read 5684 times)
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
password for SYS and SYSTEM
« on: Nov 7th, 2005, 8:18pm »
Quote | Modify

Even though my first attempt to install Oracle Express (XE) failed abysmally - I talked about this in another thread - I did find out one slight security issue. When prompted to add a password for the users SYS and SYSTEM I was able to use the age old default of MANAGER. I was disappointed to see this as in later versions of the main database product you cannot do this.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
gamyers
PeteFinnigan.com Junior Member
**



I love YaBB 1G - SP1!

   
View Profile |

Posts: 80
Re: password for SYS and SYSTEM
« Reply #1 on: Nov 8th, 2005, 9:43pm »
Quote | Modify

Disappointing but....
Old hands who remember system/manager should know enough not to use it.
New hands who don't probably wouldn't use it, and if they tried, might get confused why this word (out of all others) is rejected.
 
Now if there was a default password policy to make all passwords at least eight characters then it wouldn't be an issue.
IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: password for SYS and SYSTEM
« Reply #2 on: Nov 9th, 2005, 9:20am »
Quote | Modify

Hi Gary,
 
Yes I agree. My reason for noting it here is that it is a backwards step from what we had in the standard / enterprise editions of 10g.
 
I agree, two steps could be made, one force passwords to be longer than 8 characters and also check that they are not set to any known default or dictionary word. Both of these steps can easily be acheived with a password verification function.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« No topic | No topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board