Home » RDBMS Server » Security » Resarch by title "securing oracl database from search engine attack"
Resarch by title "securing oracl database from search engine attack" [message #465569] Wed, 14 July 2010 18:01 Go to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
Resarch by title "securing oracl database from search engine attack"
Resarch by title "securing oracl database from search engine attack [message #465571 is a reply to message #465569] Wed, 14 July 2010 18:03 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
hi guys,
i want us to help me in my point of seach
this research by title"securing oracle database from sarch engine attack"the idea was came from reading article by title "search engine used to attack database
it talk about the dangrous of search engine in finding data and obtaining url's for database engine an entering with default username/passwod ,trying to get data .
NOTE:really i reached to url for open collage that give master an phd remotly by this way
hen,

i searched alot and get more informayion about this topic ,


but want us to help me by their advices and suggestions about this point of research and what projct that can i do for ?
Re: Resarch by title "securing oracl database from search engine attack [message #465577 is a reply to message #465571] Wed, 14 July 2010 21:00 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
user<=>browser<=>WebServer<=>ApplicationServer<=>DatabaseServer

above shows a typical 3 tier application.
In a well designed 3-tier application the database can not be "attacked" by any outside agent.
There is nothing extraordinary about a Search Engine sending requests to any web server as shown below

"Search Engine"<=>WebServer<=>ApplicationServer<=>DatabaseServer
Re: Resarch by title "securing oracl database from search engine attack [message #465683 is a reply to message #465577] Thu, 15 July 2010 04:16 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
but im tried to search about /isqlplus and found link for isqlplus an entered by one default username/password ,
i did it my self
Re: Resarch by title "securing oracl database from search engine attack [message #465692 is a reply to message #465683] Thu, 15 July 2010 05:14 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Can you explain in details what you are trying to achieve.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465694 is a reply to message #465692] Thu, 15 July 2010 05:34 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
http://www.itsec.gov.cn/docs/20090507153655125368.pdf

Is this above you are talking about?


sriram Smile
Re: Resarch by title "securing oracl database from search engine attack [message #465702 is a reply to message #465694] Thu, 15 July 2010 06:26 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
exactly sriram ,
the idea was came fom this link , i tired to put this link but a problem occur
Re: Resarch by title "securing oracl database from search engine attack [message #465703 is a reply to message #465702] Thu, 15 July 2010 06:30 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
i want us to suggest ideas for me that serve my search
i also faced the sql injections that mak malisous code to obtain data
Re: Resarch by title "securing oracl database from search engine attack [message #465704 is a reply to message #465702] Thu, 15 July 2010 06:32 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
1/ You could at least post the title of the article.
2/ What is your question? No one should keep the default usernames/passwords? This is obvious!

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465714 is a reply to message #465704] Thu, 15 July 2010 06:50 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
And more over the document covers about the sensitive data, firewall and isql*plus.
NO one directly store the sensitive data such as credit card number,
they will encrypt those values with their own methodologies.
@ Michel the title of the article is "SEARCH ENGINES USED TO ATTACK THE DATABASES"

sriram Smile
Re: Resarch by title "securing oracl database from search engine attack [message #465718 is a reply to message #465704] Thu, 15 July 2010 06:59 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
for sorry, i really entered to an open univrsal site that give degree for Bachelor's - masters and phd using dbsnmp/dbsnmp i know that this user have limited priviliges but i enterd and run procedures and codes written at this link
http://www.oracle.com/technology/pub/articles/project_lockdown/phase1.html --- Remove Default Passwords

show this pic -- after running this code in the above link i obtain all default username/passwrds


/forum/fa/8018/0/
  • Attachment: default2.gif
    (Size: 16.78KB, Downloaded 2371 times)

[Updated on: Thu, 15 July 2010 07:27]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465735 is a reply to message #465718] Thu, 15 July 2010 08:20 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
dbsnmp/dbsnmp i know that this user have limited priviliges

Wrong! It has powerful enough privilege to hurt the database.

Quote:
i really entered to an open univrsal site that give degree for Bachelor's

So its DBA should be fired.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465774 is a reply to message #465735] Thu, 15 July 2010 09:55 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
welldn Michel,

Quote:
Wrong! It has powerful enough privilege to hurt the database

tell me about powerful enough privilege to hurt the database

Re: Resarch by title "securing oracl database from search engine attack [message #465776 is a reply to message #465774] Thu, 15 July 2010 10:11 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Why? Do you want to hurt this site?
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.

Regards
Michel

[Updated on: Thu, 15 July 2010 10:12]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465782 is a reply to message #465776] Thu, 15 July 2010 10:38 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
no but im surbrised when u say that user dbsnm can hurt database because just i can retrive some dictinory informatin and running create statment but cant do alter and so on
then if you know capablites of dbsnmp please tell me
Re: Resarch by title "securing oracl database from search engine attack [message #465784 is a reply to message #465782] Thu, 15 July 2010 10:44 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member

DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.

[Updated on: Thu, 15 July 2010 10:44]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465785 is a reply to message #465784] Thu, 15 July 2010 10:47 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
BlackSwan wrote on Thu, 15 July 2010 10:44

DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.
DBSNMP privileges are the same ones in any database, query the privileges views to know what are they.


3-times---------too much
Re: Resarch by title "securing oracl database from search engine attack [message #465792 is a reply to message #465785] Thu, 15 July 2010 10:53 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
But maybe it is now sufficient for you to understand what I said?

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465800 is a reply to message #465792] Thu, 15 July 2010 11:01 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
merci for your silly response
but i think that u more intelligent to speak with others
Re: Resarch by title "securing oracl database from search engine attack [message #465802 is a reply to message #465800] Thu, 15 July 2010 11:05 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Could please try to write a correct english your sentence is incomprehensible (at least for me).

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465805 is a reply to message #465802] Thu, 15 July 2010 11:16 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
then the problem is in your's for not understanding other people even if spelling is wrong Smile
Re: Resarch by title "securing oracl database from search engine attack [message #465810 is a reply to message #465805] Thu, 15 July 2010 11:31 Go to previous messageGo to next message
cookiemonster
Messages: 13917
Registered: September 2008
Location: Rainy Manchester
Senior Member
I didn't understand what you meant either and I suspect no one else will - so the problem is yours, especially if you want help from us.

Really though we don't like telling people how to hack databases on this site, just in case someone decides to use what we say to do exactly that.
So I suggest you just except the fact that that account has powerful privileges and should be locked down.
Re: Resarch by title "securing oracl database from search engine attack [message #465812 is a reply to message #465810] Thu, 15 July 2010 11:41 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
very thanks for you
i dont want to hack but i read more about this account and asked more people about that they reply me that it have limited privillage i know really what can this account do
"This user has some powerful privileges, such as UNLIMITED TABLESPACE,SELECT ANY DICTIONARY (which allows the user to select from dynamic performance views and data dictionary views), and ANALYZE ANY DICTIONARY(which allows analyze of the system objects). Many intruders use this user and password for back-door entry into the database. Needless to say, this is a huge security hole.
"
then when Michel
say"powerful enough privilege to hurt the database"
i loved to know how this account can hurt by code(to put in my research )to learn not to hack

[Updated on: Thu, 15 July 2010 11:45]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465816 is a reply to message #465812] Thu, 15 July 2010 11:47 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
You just have to know that with these privileges you can hurt the database.
It is not important you know or not how.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465817 is a reply to message #465816] Thu, 15 July 2010 11:51 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
thanks michel
but really i want how?? to put in my research please
Re: Resarch by title "securing oracl database from search engine attack [message #465820 is a reply to message #465817] Thu, 15 July 2010 11:55 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
1/ I will not post in a forum how to hurt a database
2/ YOU should not write anywhere how to do it

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465821 is a reply to message #465820] Thu, 15 July 2010 11:59 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
u can send in private message not in forum

[Updated on: Thu, 15 July 2010 12:01]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465823 is a reply to message #465821] Thu, 15 July 2010 12:06 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I don't know you, how could I know if I can trust you?

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465825 is a reply to message #465823] Thu, 15 July 2010 12:16 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
really you are a very Secretary person with good behaviour but really dont know me
but really in my discussion day if doctors asked me from where u know that this account can hurt database what can i reply(say to them michel tell me Smile )
are you now know why i want to know how???

[Updated on: Thu, 15 July 2010 12:22]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465831 is a reply to message #465825] Thu, 15 July 2010 12:57 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
The purpose of your paper is to show that you have acquired the skills and knowledge to have your degree not that someone on the web has them and give you the solution.
You have the privileges, you know that you can hurt, now show your skills and find how or leave it blank hoping they will not ask you how.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465833 is a reply to message #465831] Thu, 15 July 2010 13:05 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
sure i searched and get more and more informatin that make database unsecure
after i finish my research i will send u to see and give your opinion

[Updated on: Thu, 15 July 2010 13:06]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465836 is a reply to message #465833] Thu, 15 July 2010 13:11 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
I hope YOU (not "u") will write your paper in a better style than you write here and above all you will not use IM/SMS speak in it.

Do it here, too.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465840 is a reply to message #465833] Thu, 15 July 2010 13:15 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
Quote:
sure i searched and get more and more informatin that make database unsecured

Then keep the knowledge with you.
No one encourage you in this (how to hack,damage DESTROY the Database using search engines)

Quote:
The purpose of your paper is to show that you have acquired the skills and knowledge to have your degree not that someone on the web has them and give you the solution.
You have the privileges, you know that you can hurt, now show your skills and find how or leave it blank hoping they will not ask you how.

This answer you very clearly.

sriram
Re: Resarch by title "securing oracl database from search engine attack [message #465841 is a reply to message #465836] Thu, 15 July 2010 13:17 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
sure,u cant learn me how to write
but learn your self first how to be gentel with other:)
i advice u to take course on the art of deal with others to imrove that bad bevaiour

[Updated on: Thu, 15 July 2010 13:24]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465842 is a reply to message #465841] Thu, 15 July 2010 13:24 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Quote:
i advice u to take the deal art with other to imrove that bad bevaiour

Telling the truth is always a bad behaviour for those that don't want to hear it.

Regards
Michel
Re: Resarch by title "securing oracl database from search engine attack [message #465844 is a reply to message #465842] Thu, 15 July 2010 13:27 Go to previous messageGo to next message
samiaa
Messages: 23
Registered: August 2006
Location: egypt
Junior Member
any truth??????
i know one truth that really u have a bad behaviour in dealing with others

[Updated on: Thu, 15 July 2010 13:29]

Report message to a moderator

Re: Resarch by title "securing oracl database from search engine attack [message #465845 is a reply to message #465844] Thu, 15 July 2010 13:31 Go to previous messageGo to next message
ramoradba
Messages: 2456
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...
Senior Member
STOP IT !
AS you want the hacking information, That you already got it from your search capabilities.
So write you paper,get your degree(so called).
I lock this topic as the discussion goes in a wrongly manner.

sriram Smile
Re: Resarch by title "securing oracl database from search engine attack [message #465847 is a reply to message #465844] Thu, 15 July 2010 13:37 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Before creating your next topic, Please read OraFAQ Forum Guide.

Regards
Michel
Previous Topic: Data Security During network
Next Topic: Disconnect from oracle DB.
Goto Forum:
  


Current Time: Thu Mar 28 16:20:23 CDT 2024