Oracle数据库11.2 Express Edition Beta 版有默认的APEX用户和默认密码

C:\>sqlplus apex_040000/oracle@192.168.2.38/XE

SQL*Plus: Release 11.1.0.7.0 - Production on Sat Apr 2 13:33:24 2011

Copyright (c) 1982, 2008, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - Beta

SQL> desc dba_users
Name                                      Null?    Type
—————————————– ——– —————————-
USERNAME                                  NOT NULL VARCHAR2(30)
USER_ID                                   NOT NULL NUMBER
PASSWORD                                           VARCHAR2(30)
ACCOUNT_STATUS                            NOT NULL VARCHAR2(32)
LOCK_DATE                                          DATE
EXPIRY_DATE                                        DATE
DEFAULT_TABLESPACE                        NOT NULL VARCHAR2(30)
TEMPORARY_TABLESPACE                      NOT NULL VARCHAR2(30)
CREATED                                   NOT NULL DATE
PROFILE                                   NOT NULL VARCHAR2(30)
INITIAL_RSRC_CONSUMER_GROUP                        VARCHAR2(30)
EXTERNAL_NAME                                      VARCHAR2(4000)
PASSWORD_VERSIONS                                  VARCHAR2(8)
EDITIONS_ENABLED                                   VARCHAR2(1)
AUTHENTICATION_TYPE                                VARCHAR2(8)

SQL> select * from user_role_privs;

USERNAME                       GRANTED_ROLE                   ADM DEF OS_
—————————— —————————— — — —
APEX_040000                    CONNECT                        NO  YES NO
APEX_040000                    RESOURCE                       YES YES NO

SQL> select * from user_sys_privs;

USERNAME                       PRIVILEGE                                ADM
—————————— —————————————- —
APEX_040000                    CREATE TRIGGER                           YES
APEX_040000                    CREATE SYNONYM                           YES
APEX_040000                    UNLIMITED TABLESPACE                     YES
APEX_040000                    ALTER SESSION                            NO
APEX_040000                    CREATE JOB                               YES
APEX_040000                    CREATE DIMENSION                         YES
APEX_040000                    CREATE SEQUENCE                          YES
APEX_040000                    CREATE TABLE                             YES
APEX_040000                    ALTER USER                               NO
APEX_040000                    CREATE USER                              NO
APEX_040000                    CREATE SESSION                           YES
APEX_040000                    CREATE OPERATOR                          YES
APEX_040000                    ALTER DATABASE                           NO
APEX_040000                    DROP USER                                NO
APEX_040000                    CREATE INDEXTYPE                         YES
APEX_040000                    CREATE MATERIALIZED VIEW                 YES
APEX_040000                    CREATE VIEW                              YES
APEX_040000                    CREATE CLUSTER                           YES
APEX_040000                    CREATE ANY CONTEXT                       YES
APEX_040000                    CREATE PROCEDURE                         YES
APEX_040000                    DROP PUBLIC SYNONYM                      NO
APEX_040000                    DROP TABLESPACE                          NO
APEX_040000                    CREATE TABLESPACE                        NO
APEX_040000                    CREATE TYPE                              YES
APEX_040000                    CREATE ROLE                              NO
APEX_040000                    CREATE PUBLIC SYNONYM                    NO

26 rows selected.

SQL>

危害:这个APEX用户,可以修改数据库中任何用户密码。
 

修复:安装数据库后,修改APEX用户默认密码



本文转自enables 51CTO博客,原文链接:http://blog.51cto.com/niuzu/578803,如需转载请自行联系原作者


上一篇:linux服务器使用SSH Secure Shell Client部署tomcat


下一篇:Asp.Net中使用Couchbase——Memcached缓存使用篇