Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A good paper on Oracle's random number generator"] [Next entry: "How to check which users can access the view DBA_USERS"]

A good description of some of the Oracle default accounts



Marcel-Jan emailed me the other day about his SQLGotcha tool (Marcel-Jan has an interesting tool on his site called SQL-Gotcha) and he also mentioned a good paper by Jeff Hunter about Oracle default passwords that explains the source and use of some of these passwords. The paper is titled http://www.idevelopment.info/data/Oracle/DBA_tips/Database_Administration/DBA_26.shtml - (broken link) Oracle Created (Default) Database Users and, as I said was written by Jeff Hunter. This paper is excellent and lists quite a lot of the default Oracle users and shows the known default passwords and also some details of what the account is used for and the features it supports and also in some of the cases describes how the accounts are created.

I also have a detailed list of Oracle default passwords and also a tool to check for them on my site.