Tag: security

Oracle Grid Control: The Importance of Deleting the emkey

Oracle Grid Control documentation warns against leaving the emkey in the Grid Control repository, if it is not removed after it has been copied it is easy to decrypt data, like passwords. Oracle Management Service 10.2 uses several ways to protect these sensitive data, including Virtual Private Database and Password Encryption. To overcome the first one, you have to connect to the database as the SYS user, for the second one, you have to know the encrypted password form, the key, and the associated algorithm. Obviously, the key used to cipher the password is the emkey. So the next question is, “Where are stored the ciphered passwords?”.

Read More >

Exploiting SYSDBA Invoker Rights Using Trigger on Database

This is a follow up on my previous post about SYSDBA keeping invoker rights when calling PL/SQL procedure. Working on the previous test case a bit more I figured that the same anomaly is observed with triggers. So here is one way to get your PL/SQL code called by a SYSDBA. In this case you need to be able to create trigger on database, i. e. need privileges ADMINISTER DATABASE TRIGGER and CREATE TRIGGER.

Read More >
Page 3 of 3123