Category: Security

Public Database Links security fix using views

Public database links are a well known security problem – all database users with the most minimal privileges (create session) are able to use the public database link, even including deleting data across the link. Use this to see any

Posted in Security

PL/SQL to find and lock or drop user accounts

Script to hunt and lock/drop user accounts, can call from a central script connecting to multiple databases: BEGIN FOR d1 IN ( SELECT username FROM dba_users WHERE username LIKE ‘AGXDL%’ AND account_status != ‘LOCKED’ ORDER BY 1 ) LOOP dbms_output.put_line

Posted in Scripts, Security

Database Password Changes from users web page

This is a Pl/sql wrapper around “alter user” to allow front end interfaces (Servicedesk, Javascript or PHP web pages, etc.) to safely change passwords. CREATE OR REPLACE PROCEDURE sys.php_reset_passwords /*************************** || Name : sys.php_reset_passwords || Author : Andrew Fraser ||

Posted in Scripts, Security

unlock orcladmin password in shell script

Shell script to check if orcladmin account is locked, and unlock it if required # Check to see if orcladmin account is locked, and unlock it if it is. if [ “`ldapbind -p <myport> -D cn=orcladmin -w <myorcladminpassword>`” = “bind

Posted in Oracle forms, Scripts, Security

Listener passwords: always for 9i, never for 10g

My rule of thumb: For 9i and below: always set a listener password (= change from default) For 10g and above: never set a listener password (= leave at default) And here’s why: 9i and below Without a listener password

Posted in Security, SQL*Net