欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入 一个流行的安全邮件列表中公布了一个新近发现的具有更大破坏力的Oracle航海家蠕虫版本的变体。 这个蠕虫病毒的新变体具有对公共数据库用户账户的访问权限,但是目前仍然缺乏能够复制自身的机制,Ora
欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入
一个流行的安全邮件列表中公布了一个新近发现的具有更大破坏力的Oracle航海家蠕虫版本的变体。这个蠕虫病毒的新变体具有对公共数据库用户账户的访问权限,但是目前仍然缺乏能够复制自身的机制,Oracle安全专家Pete Finnigan 在自己的博客中写道。
“这个新的Oracle航海家蠕虫变体是用PL/SQL编写的,并且利用了一些像我这样的人通常用来撤销公共账户访问权限的一些关键的内建的包,例如UTL_HTTP, UTL_TCP 和 UTL_SMTP,” Finnigan 说。“这是一个好的忠告,相信我!”
然而直到今天,还没有任何的Oracle用户被这种蠕虫攻击过,报告说。
航海家蠕虫的最初版本是在大概2个月前的一个完全揭露邮件列表中浮出水面的。专家们解释说,这种蠕虫使用UTL_TCP 包来扫描同一个网络中的远程数据库,然后登陆到其中的一个,检索SID和用户的几个常见的用户名和密码来尝试登陆。
位于美国马里兰州毕士达的SANS 因特网风暴中心建议我们按照以下步骤来阻止蠕虫病毒的入侵和在首次出现之后的更进一步的变异:
修改Oracle监听器的TCP/1521的默认端口(并且当你正在执行的时候,设置一个监听器密码)。
尽可能地删除或者锁定默认的用户帐号。确保所有的默认账户都没有使用默认的密码。
撤销UTL_TCP, UTL_INADDR 包的PUBLIC权限。
撤销分配给那些不需要链接到远程数据库的用户的CREATE DATABASE LINK 权限,包括CONNECT 的角色。

MySQLdiffersfromotherSQLdialectsinsyntaxforLIMIT,auto-increment,stringcomparison,subqueries,andperformanceanalysis.1)MySQLusesLIMIT,whileSQLServerusesTOPandOracleusesROWNUM.2)MySQL'sAUTO_INCREMENTcontrastswithPostgreSQL'sSERIALandOracle'ssequenceandt

MySQL partitioning improves performance and simplifies maintenance. 1) Divide large tables into small pieces by specific criteria (such as date ranges), 2) physically divide data into independent files, 3) MySQL can focus on related partitions when querying, 4) Query optimizer can skip unrelated partitions, 5) Choosing the right partition strategy and maintaining it regularly is key.

How to grant and revoke permissions in MySQL? 1. Use the GRANT statement to grant permissions, such as GRANTALLPRIVILEGESONdatabase_name.TO'username'@'host'; 2. Use the REVOKE statement to revoke permissions, such as REVOKEALLPRIVILEGESONdatabase_name.FROM'username'@'host' to ensure timely communication of permission changes.

InnoDB is suitable for applications that require transaction support and high concurrency, while MyISAM is suitable for applications that require more reads and less writes. 1.InnoDB supports transaction and bank-level locks, suitable for e-commerce and banking systems. 2.MyISAM provides fast read and indexing, suitable for blogging and content management systems.

There are four main JOIN types in MySQL: INNERJOIN, LEFTJOIN, RIGHTJOIN and FULLOUTERJOIN. 1.INNERJOIN returns all rows in the two tables that meet the JOIN conditions. 2.LEFTJOIN returns all rows in the left table, even if there are no matching rows in the right table. 3. RIGHTJOIN is contrary to LEFTJOIN and returns all rows in the right table. 4.FULLOUTERJOIN returns all rows in the two tables that meet or do not meet JOIN conditions.

MySQLoffersvariousstorageengines,eachsuitedfordifferentusecases:1)InnoDBisidealforapplicationsneedingACIDcomplianceandhighconcurrency,supportingtransactionsandforeignkeys.2)MyISAMisbestforread-heavyworkloads,lackingtransactionsupport.3)Memoryengineis

Common security vulnerabilities in MySQL include SQL injection, weak passwords, improper permission configuration, and unupdated software. 1. SQL injection can be prevented by using preprocessing statements. 2. Weak passwords can be avoided by forcibly using strong password strategies. 3. Improper permission configuration can be resolved through regular review and adjustment of user permissions. 4. Unupdated software can be patched by regularly checking and updating the MySQL version.

Identifying slow queries in MySQL can be achieved by enabling slow query logs and setting thresholds. 1. Enable slow query logs and set thresholds. 2. View and analyze slow query log files, and use tools such as mysqldumpslow or pt-query-digest for in-depth analysis. 3. Optimizing slow queries can be achieved through index optimization, query rewriting and avoiding the use of SELECT*.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool

DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

WebStorm Mac version
Useful JavaScript development tools

SublimeText3 Chinese version
Chinese version, very easy to use
