Public database links are a well known security problem – all database users with the most minimal privileges (create session) are able to use the public database link, even including deleting data across the link. Use this to see any public database links going outwards from a database: col host form a30 col db_link form […]
Read More Public Database Links security fix using viewsScript to hunt and lock/drop user accounts, can call from a central script connecting to multiple databases: BEGIN FOR d1 IN ( SELECT username FROM dba_users WHERE username LIKE ‘AGXDL%’ AND account_status != ‘LOCKED’ ORDER BY 1 ) LOOP dbms_output.put_line ( ‘alter user ‘ || d1.username || ‘ account lock ‘ ) ; execute immediate […]
Read More PL/SQL to find and lock or drop user accountsThis is a Pl/sql wrapper around “alter user” to allow front end interfaces (Servicedesk, Javascript or PHP web pages, etc.) to safely change passwords. CREATE OR REPLACE PROCEDURE sys.php_reset_passwords /*************************** || Name : sys.php_reset_passwords || Author : Andrew Fraser || Date : 05-Apr-2012 || Purpose : Allow users to reset their database passwords from a […]
Read More Database Password Changes from users web pageShell script to check if orcladmin account is locked, and unlock it if required # Check to see if orcladmin account is locked, and unlock it if it is. if [ “`ldapbind -p <myport> -D cn=orcladmin -w <myorcladminpassword>`” = “bind successful” ] then echo orcladmin account is ok, is not locked. else echo unlocking orcladmin […]
Read More unlock orcladmin password in shell scriptMy rule of thumb: For 9i and below: always set a listener password (= change from default) For 10g and above: never set a listener password (= leave at default) And here’s why: 9i and below Without a listener password set, any ‘oracle’ account on any machine (even a client) can stop and change listeners […]
Read More Listener passwords: always for 9i, never for 10g