: .. .. SQL

, . , . CONNECT [[user/password[@_] [AS {SYSOPER|SYSDBA}]] CONNECT TO _ USER USING

(,, ...) ( ,, ...)

, , , , . DBARESOURCECONNECT : ; GRANT [ON ] TO [WITH GRANT OPTION]REVOKE [ON ] FROM GRANT [ON ] TO PUBLICREVOKE [ON ] FROM PUBLICSELECT ;INSERT ;DELETE ;UPDATE ;ALTER / INDEX / ;ALL . , . 7 21 28 ( ) ( ) ( ) , . . , AES (Advanced Encryption Standard), DES (Data Encryption Standard)

1AES_ENCRYPT() AES2AES_DECRYPT() AES3DES_ENCRYPT() DES4DES_DECRYPT() DES5ENCRYPT() crypt()6MD5() MD57SHA() SHA-1INSERT INTO table VALUES ( 1, AES_ENCRYPT( 'text', 'password' ) ).

. ,

1. CUSTOMERS

2. ,

3. ,

MTUCI, , USER, :

USER PASSWORD

AUDIT-( ) , . . Oracle

Oracle

Oracle TNS Listener

TNS ListenerListener Oracle Oracle , .. Listener

TNS Listener : (SIDs) log- , SQL DBA

lsnrctlstatusversionstartstopsetPasswordLog_fileCurrent_listenerTrc_status

TNS Listener PASSWORD TNS Listener. , , status version, Listener a, ( )ADMIN_RESTRICTIONS ( OFF)LOCAL_OS_AUTHENTICATION TNS Listener ( OFF 10g) TNS Listener Listener Listener (CPU)

Oracle :1.IP 2. TNS Listener3. (SID)4. 5.

SID , , ORCL

SIDGUESS

SID SID 8 tnsnames.ora, , SID, ,

> 600 , ,

OScanner

,

SQL injection

Evil View

Dll Patching

SQL injection

Evil View // ,

Dll Patching ALTER SESSION SET NLS , SYS