into a database i of course check the audit trail and yes someone tried to login a user public.
OS_USERNAM USERNAME USERHOST TIMESTAMP ACTION ACTION_NAME COMMENT_TEXT SESSIONID RETURNCODE
---------- ---------- ---------- --------- ---------- --------------- ------------------------------ ---------- ----------
oracle PUBLIC spca5003 05-MAY-11 100 LOGON Authenticated by: OS -1 0
srs401p PUBLIC spca5003 06-MAY-11 100 LOGON Authenticated by: OS -1 0
So whats up.
Public is not a user nor a role.
SQL> select user#,name,type# from sys.user$ where name = 'PUBLIC';
user# name type#
--------------------------------
1 public 0
type 0 means role
type 1 means user
SQL>select * from dba_roles
where role = 'PUBLIC';
no rows selected
so no role
SQL>select password from sys.user$
where name = 'PUBLIC';
PASSWORD
-----------------------------------
So can we login as user public
SQL> conn public
Enter password:
Error:
ORA-01005: null password given; login denied
No you can't login but what if you login like this
SQL> conn / as sysoper
Connected
SQL> show user
USER is "PUBLIC"
So now you login as public can you do something
SQL> create table aap(t1 number) tablespace users;
ERROR at line 1:ORA-01918: user 'PUBLIC' does not exist
Well so your not user public ??? but if you look in the audit trail
OS_USERNAM USERNAME USERHOST TIMESTAMP ACTION ACTION_NAME COMMENT_TEXT SESSIONID RETURNCODE
---------- ---------- ---------- --------- ---------- --------------- ------------------------------ ---------- ----------
oracle PUBLIC spca5003 05-MAY-11 100 LOGON Authenticated by: OS -1 0
oracle PUBLIC spca5003 05-MAY-11 1 CREATE TABLE -1 1031
srs401p PUBLIC spca5003 06-MAY-11 100 LOGON Authenticated by: OS -1 0
But why someone login as / as sysoper is still under investigation.
No comments:
Post a Comment