Q
qasimpatwekar
Guest
I just got something to add here: I am logged into Linux server as user id "qaduser". I created database from sports2000 and named it to mydb. Enabled secondary broker Here by default it will have DBA_ACC to "qaduser" (as db is created using this id) and sysprogress id which is default. Now: on second machine I logged into Linux by user ID "xyzid" I just type the command like this: sqlexp -db dbname -S port-name -user qaduser It will allow me to connect to database with full dba access. Once I am in sqlexp I can do anything including creating a new user, granting a permission provided i should just know the port number and user id, its not a big deal to get the user id who created the db. on prod server it should not be the case. Its a security concern. Is it a bug? Can you share your views on it please. Thanks, Qasim
Continue reading...
Continue reading...