Security Advisories

Trustwave Press Releases

« [Honeypot Alert] Inside the Attacker's Toolbox: Botnet Credit Card Validation Scripts | Main | iOS Application Security: Review of Top 50 Free iPad Apps [Part 2 of 2] »

31 May 2012


What I mean is that in virtually all corporate databases, the Oracle user is an authenticated user-level operating system and database user does not exist in the existing operating system, so the result will always be oracle that is out of the shell to the operating system as user nobody

Correct, but the 99% of users are database users and not OS users.

Its a database user you are using in the script not an OS user. The user must exist in the Oracle database but doesn't need to exist in the OS.

When you connect with a oracle user, this user not exist in operatnig system (except OS authenticated users), the user in the out-box is always nobody.

Is a error?

Its not intended to be a 'best-practice' on how to connect to Oracle, the user used is just to show it can be done. How you want to secure your Oracle database is up to you.

Why does the host with the Oracle user? you should go out with nobody user....

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment