
putting an alias in my tnsnames for a change to report server


Ryan Gaffuri

Jul 2, 2002, 1:49:30 PM
I tried to add an alias to my tnsnames on both my oracle server and my
developer server. This is what I added. It's not working.....

Per note: 139546.1 at the end under known issues. It says to add an
alias to my tnsnames to get around the issue with reports servers having
numbers, etc... in their names.

Here is the part of the tnsnames.ora file that has the instance that
I'm interested in and what I added:

APANDEV.MTMC.ARMY.MIL =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 144.101.14.115)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = apandev.mtmc.army.mil)
    )
  )

myserver Rep60_HQ73-dev6i=(ADDRESS=(PROTOCOL=tcp)(HOST=HQ73-dev6i)(PORT
1521)


There are 4-5 other instances listed in this tnsnames. The
Rep60_HQ73-dev6i comes directly out of my registry. What did I do
wrong? It does not recognize this when I try to run the report with
run_report_object?

Howard J. Rogers

Jul 2, 2002, 5:24:13 PM

"Ryan Gaffuri" <rgaf...@cox.net> wrote in message
news:1efdad5b.02070...@posting.google.com...

> I tried to add an alias to my tnsnames on both my oracle server and my
> developer server. This is what I added. It's not working.....
>
> Per note: 139546.1 at the end under known issues. It says to add an
> alias to my tnsnames to get around the issue with reports servers having
> numbers, etc... in their names.
>
> Here is the part of the tnsnames.ora file that has the instance that
> I'm interested in and what I added:
>
> APANDEV.MTMC.ARMY.MIL =
>   (DESCRIPTION =
>     (ADDRESS_LIST =
>       (ADDRESS = (PROTOCOL = TCP)(HOST = 144.101.14.115)(PORT = 1521))
>     )
>     (CONNECT_DATA =
>       (SERVICE_NAME = apandev.mtmc.army.mil)
>     )
>   )
>
> myserver Rep60_HQ73-dev6i=(ADDRESS=(PROTOCOL=tcp)(HOST=HQ73-dev6i)(PORT
> 1521)
>


I might be missing the point, but the syntax is just all over the place,
isn't it. Were it to look like this:

MYSERVER=
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = HQ73-dev61)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = Rep60_HQ73-dev61)
    )
  )

....then you might stand a chance.

However, since "it does not recognise this" is not a known Oracle error
message, it's difficult to know for sure.

Regards
HJR

Ed Stevens

Jul 3, 2002, 8:48:16 AM

The technical answer to your question has been answered. However, I would like
to express some concern that you have exposed the IP address and other connect
information of a military database. A good hacker (which I'm not) now knows the
IP address, server DNS name, and listening port of a database server owned by
the U.S. Army. Makes the hair stand up on the back of my neck.

--
Ed Stevens
(Opinions expressed do not necessarily represent those of my employer.)

Ryan Gaffuri

Jul 3, 2002, 5:04:45 PM
spam...@nospam.noway.nohow (Ed Stevens) wrote in message news:<3d22f243....@ausnews.austin.ibm.com>...

Try the IP address, it won't work. Thanks for your concern.

Ed Stevens

Jul 5, 2002, 9:44:58 AM
On 3 Jul 2002 14:04:45 -0700, rgaf...@cox.net (Ryan Gaffuri) wrote:

>spam...@nospam.noway.nohow (Ed Stevens) wrote in message news:<3d22f243....@ausnews.austin.ibm.com>...

<snippage>>

>> The technical answer to your question has been answered. However, I would like
>> to express some concern that you have exposed the IP address and other connect
>> information of a military database. A good hacker (which I'm not) now knows the
>> IP address, server DNS name, and listening port of a database server owned by
>> the U.S. Army. Makes the hair stand up on the back of my neck.
>
>Try the IP address, it won't work. Thanks for your concern.

Well, I did try to ping it, out of curiosity, and the ping timed out. But not
being a strong network guy, and even less of a serious hacker, I don't know if
that was a true indication of how bullet proof that site is.

Just the same, if I were dealing with this, I would have totally masked the
server name, service name, and IP address, so that people wouldn't even know it
was a military site. I do that with my own stuff even without the type of
security issues you're dealing with. Something like

aaaaaaaa.bbbb.cccc.ddd =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = xxx.xxx.xx.xxx)(PORT = 1521))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = aaaaaaaa.bbbb.cccc.ddd)
    )
  )
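
The masking Ed Stevens describes above can be done mechanically before a tnsnames.ora excerpt is pasted into a public post. The following is an added example, not part of the original thread: the function names `sanitize_tnsnames` and `leaked`, the choice of parameters to mask, and the sample entry are all assumptions made for illustration. Each distinct value gets one stable placeholder, so a helper can still see that an alias and its SERVICE_NAME are the same string.

```python
import re

# Values that identify the target. PROTOCOL and PORT are left alone: helpers
# need them to debug the entry and they say little on their own.
PARAM_RE = re.compile(
    r"\(\s*(HOST|SERVICE_NAME|SID|INSTANCE_NAME)\s*=\s*([^()\s]+)\s*\)", re.I)
# A net service name (alias) starts in column one and is followed by '='.
ALIAS_RE = re.compile(r"^([\w.\-]+)\s*=", re.M)


def sanitize_tnsnames(text):
    """Return (masked_text, mapping) with one stable placeholder per value."""
    mapping = {}  # lower-cased original value -> placeholder

    def remember(value, prefix):
        mapping.setdefault(value.lower(), "%s%d" % (prefix, len(mapping) + 1))

    for alias in ALIAS_RE.findall(text):
        remember(alias, "name")
    for param, value in PARAM_RE.findall(text):
        remember(value, "host" if param.upper() == "HOST" else "name")

    # Replace every occurrence (comments included), longest value first so a
    # short host name never clobbers part of a longer qualified name.
    for original in sorted(mapping, key=len, reverse=True):
        pattern = r"(?<![\w.\-])" + re.escape(original) + r"(?![\w.\-])"
        text = re.sub(pattern, mapping[original], text, flags=re.I)
    return text, mapping


def leaked(masked_text, mapping):
    """Originals still present as substrings; post only if this is empty."""
    lowered = masked_text.lower()
    return [original for original in mapping if original in lowered]


# Constructed sample; the names and the 192.0.2.0/24 address are documentation values.
SAMPLE = """\
# sales db on db01.example.test
SALES.EXAMPLE.TEST =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.0.2.10)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = sales.example.test))
  )
REP_ALIAS = (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST = db01.example.test)
  (PORT = 1521))(CONNECT_DATA = (SID = rep60)))
"""

if __name__ == "__main__":
    masked, table = sanitize_tnsnames(SAMPLE)
    print(masked)
    print("leaked:", leaked(masked, table))
```

The `leaked` check is deliberately a plain substring search, so it errs toward flagging a value rather than letting one through.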

Martin Haltmayer

Jul 11, 2002, 10:08:29 AM
to Ryan Gaffuri
Oh boy, don't be too sure!

The tnsnames.ora used for this has the following entry, all deducted from your
post:

mil.world =
(description =
(address = (protocol = tcp) (host = 144.101.14.115 ) (port = 1521))
(connect_data = ( SERVICE_NAME = apandev.mtmc.army.mil ))
)

G:\Daten\Martin\tests>sqlplus dbsnmp/dbs...@mil.world

SQL*Plus: Release 8.1.7.0.0 - Production on Thu Jul 11 16:03:14 2002

(c) Copyright 2000 Oracle Corporation. All rights reserved.


Connected to:
Oracle8i Enterprise Edition Release 8.1.7.2.1 - Production
JServer Release 8.1.7.2.1 - Production

SQL> set feedback on
SQL> set linesize 110
SQL> set pagesize 60
SQL> set timing on
SQL> set trimspool on
SQL> define _editor = lemmy.exe
SQL> set echo on
SQL> set feedback on
SQL> set linesize 1000
SQL> set pagesize 0
SQL> set timing on
SQL> set verify on
SQL> -- whenever sqlerror exit failure rollback
SQL> whenever sqlerror continue
SQL> select * from v$session;

8 rows selected.

Elapsed: 00:00:04.86
SQL>
SQL> alter user dbsnmp identified by blafasel;

User altered.

Elapsed: 00:00:01.92

Just try the new password!

Regards,

Martin

Daniel Morgan

Jul 11, 2002, 12:08:34 PM
Martin Haltmayer wrote:

I sincerely hope I am wrong. But is the above posting as flagrant a violation of security as it appears to be?

If so please be responsible, report this immediately, and have the server secured.

Daniel Morgan

Howard J. Rogers

Jul 11, 2002, 4:53:49 PM
It is indeed astonishing.

The user dbsnmp appears to have rights to the dba_users view. That exposes
everyone's hashed passwords. I didn't go any further with the usual 'alter
user...values', but the implications are horrifying.

Thank God this was only 8.1.7.2.1... had it been 9i, I would have been
tempted to try a spurious left outer join....

It needs fixing as a matter of some urgency, that's for sure.

Regards
HJR

"Daniel Morgan" <dmo...@exesolutions.com> wrote in message
news:3D2DAD51...@exesolutions.com...

Sybrand Bakker

Jul 11, 2002, 5:50:42 PM
On Fri, 12 Jul 2002 06:53:49 +1000, "Howard J. Rogers"
<d...@hjrdba.com> wrote:

>It needs fixing as a matter of some urgency, that's for sure.

Well, it has been there for ages hasn't it, all the way up from the
Oracle 7 base release.

Regards


Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address

Howard J. Rogers

Jul 11, 2002, 6:04:13 PM
I think you misunderstood. The inclusion of hashed passwords per se is not
the problem. It's that his database is publicly accessible over the Internet
(and with some serious privilege issues, to boot.... it might, for example,
be time to change the default passwords for certain, er, crucial
accounts -and I'm not talking OUTLN!) and thus open to any degree of
compromise anyone might care to throw at it.

Regards
HJR

"Sybrand Bakker" <pos...@sybrandb.demon.nl> wrote in message
news:7cvriusdmcnsn4gcl...@4ax.com...

Sean M

Jul 11, 2002, 8:53:11 PM
So, what's worse - the guy who posts sensitive military computer
information to an internet newsgroup, or the guy that takes that post as
an invitation to hack said computer? The former was a really bad idea;
the latter may be criminal.

[Just because someone leaves his car door unlocked doesn't mean it's OK
to hop in and change the station on his radio.]

Regards,
Sean

damorgan

Jul 12, 2002, 3:52:51 PM
Sean M wrote:

If the act of hacking was such that it costs Ryan Gaffuri a few nights sleep I'd say "go for it". I am quite offended
by several things. First that he posted the information at all potentially compromising the security of my family,
friends, and country. And second that he apparently tried to cover up what he did with a transparent story about
having changed an IP address.

Because even if he had changed the IP address in his posting it was still a gross breach of protocol and I sincerely
hope someone monitoring this group from the FBI, NSA, or another .mil domain takes this seriously and arranges for
him to have an opportunity to consider his act ... in the brig..

Daniel Morgan

George Barbour

Jul 13, 2002, 6:41:31 AM
The Men in Black might visit you now Martin. ;-)
George Barbour.

"Martin Haltmayer" <Martin.H...@d2mail.de> wrote in message
news:3D2D915D...@d2mail.de...

Sybrand Bakker

Jul 13, 2002, 10:31:07 AM
On Sat, 13 Jul 2002 11:41:31 +0100, "George Barbour"
<gbar...@csc.com> wrote:

>The Men in Black might visit you now Martin. ;-)
>George Barbour.

Which ones? Osama Bin Laden or the CIA?

Paul Brewer

Jul 13, 2002, 2:31:26 PM
"Sean M" <smck...@earthlink.net> wrote in message
news:3D2E27FE...@earthlink.net...

> So, what's worse - the guy who posts sensitive military computer
> information to an internet newsgroup, or the guy that takes that post as
> an invitation to hack said computer? The former was a really bad idea;
> the latter may be criminal.
>
> [Just because someone leaves his car door unlocked doesn't mean it's OK
> to hop in and change the station on his radio.]
>
> Regards,
> Sean
>
Hi, Sean.

I think this is a little harsh on Martin. He didn't steal the car, or booby
trap it. He called across to the car owner: "Hey buddy, you left your door
unlocked!". Buddy replied: "No it's OK, I moved the car". Martin said "You
didn't, you know; it's still in the same place and you'd better lock it
quickly; this neighbourhood is not too safe. If you don't believe me, check
the radio; I didn't damage anything but I changed the station to prove it to
you".

If I left my car unlocked in a dangerous neighbourhood, and someone said
that to me, I'd thank them (and lock it PDQ). Wouldn't you?

Regards,
Paul

P.S. Please accept my apologies for the English spelling of neighborhood :o)


Sean M

Jul 13, 2002, 3:31:53 PM
Paul Brewer wrote:
>
> Hi, Sean.
>
> I think this is a little harsh on Martin. He didn't steal the car, or booby
> trap it. He called across to the car owner: "Hey buddy, you left your door
> unlocked!". Buddy replied: "No it's OK, I moved the car". Martin said "You
> didn't, you know; it's still in the same place and you'd better lock it
> quickly; this neighbourhood is not too safe. If you don't believe me, check
> the radio; I didn't damage anything but I changed the station to prove it to
> you".

Mostly I agree, except in this case, the guy who left the car unlocked
doesn't own the car. He just borrowed it from his Dad (the US Military,
in this admittedly strained analogy). And Dad is fussy about his
upholstery - he doesn't want any strangers getting inside and mucking
around, even if they mean no harm. I think Martin's intentions were
sound, but I don't think it was a very smart move on his part given the
current climate. I wasn't trying to be harsh; I was just pointing out
that Dad (Uncle Sam) might not take too kindly to the activity.



> If I left my car unlocked in a dangerous neighbourhood, and someone said
> that to me, I'd thank them (and lock it PDQ). Wouldn't you?

Probably, but I'm not sure the police would see it the same way if you
were caught in the act. "But I was just trying to help." "Yeah, tell
it to the judge." I'm not saying I agree with that mentality, but it
does seem to be the prevailing one nowadays.



> P.S. Please accept my apologies for the English spelling of neighborhood :o)

Different flavours for each, eh?

Regards,
Sean

Ryan Gaffuri

Jul 13, 2002, 7:31:00 PM
"George Barbour" <gbar...@csc.com> wrote in message news:<3d30...@pull.gecm.com>...

There's nothing on this server that would be of use to anyone. It
was supposed to have been set up as simply being available in the
building, or so I was told.

I'm not a DBA. I didn't build it. So if I hadn't made this post, I
wouldn't have found this. Apparently this has been a problem since
long before I got here.

Martin Haltmayer

Jul 15, 2002, 2:43:52 AM
to damorgan, Sean M, Ryan Gaffuri
Hello Daniel, Sean, Ryan and others,

it was not my intention to raise such worries. I understand that, and I
apologize for the trouble I may have caused to you and especially Ryan. I admit
it was not very wise to proceed in that way given the fact that Ryan was loaded
with an infrastructure he was not responsible for. It was bad style of mine to
expose him like that. Again, I am sorry for that.

However, I was right with my first assumption that this instance was not of
much importance according to Ryan's post. I e-mailed Ryan directly (that would
have been the correct proceeding anyway in the first place). I am pretty sure if
this would have been a real breach of security to your country I would not have
survived my weekend undisturbed. Take it as a positive issue that I did not post
from an anonymous server and that I used my real e-mail address. A bad guy would
have avoided both without telling this group.

Suspecting me a criminal is another thing. Remember that nearly everybody is
criminal with respect to a certain set of laws and rules somewhere in this
world. So this very much depends on the environment you live in. What is
forbidden in one country may be allowed in others. If you just discuss the
behaviour of some governments you may even be sentenced to death without knowing
as opposed to the U. S. A. where you have guaranteed the freedom of speech.
Maybe you can consider my post as exploiting the freedom of speech ("you may
utter freely unless you say something against us...").

So I will be more careful with my postings in the future. Please don't take this
discussion as something hostile but just as something too prematurely published.

Regards,

Martin

Ed Stevens

Jul 15, 2002, 8:46:12 AM
On 13 Jul 2002 16:31:00 -0700, rgaf...@cox.net (Ryan Gaffuri) wrote:

<snippage of message history>

>There's nothing on this server that would be of use to anyone. It
>was supposed to have been set up as simply being available in the
>building, or so I was told.
>

I wouldn't be so sure about that, either. Intelligence doesn't usually come
from snatching "the big plan" but from taking a lot of little pieces that, by
themselves, seem trivial and meaningless. And in the case of a server, even
though there is no data on it of any value whatsoever, if security is this lax,
it seems reasonable that the exposed server could be used as a bridge to
somewhere else.

On the first point, let me bore you with an example. Back in the '70's I was a
trumpet player in an Army Band. (Still am, but in the National Guard now). Our
manning chart was considered classified information. I thought it was rather
anal. Of what possible value could it be to someone to know that a certain Army
band was authorized one oboe player vs. two. Well, if you gather from one
source how Army bands are structured, then from another source you find out how
many oboe players a particular band is authorized, then you know what kind of
band you're looking at. Now, since you previously learned how Army bands are
structured, since you found out what size THIS band is, you know what size
command (post, division, corps, army, theater) it is assigned to. Then, if from
another source you find out that that band is deploying to Outer Sloboviea, then
it is easy to figure out what size buildup/operation is being planned for Outer
Sloboviea.

For want of a nail, a shoe was lost.
For want of a shoe, a horse was lost.
For want of a horse, a battle was lost.
For want of a battle, a war was lost.
For want of a war, a kingdom was lost.
And all for the want of a nail.

Richard Foote

Jul 15, 2002, 9:13:44 AM
Hi Ed,

I split a nail yesterday while I was gardening. I had absolutely no idea
the consequences could be so dire !!

Regards :)

Richard

"Ed Stevens" <spam...@nospam.noway.nohow> wrote in message
news:3d32bfe7...@ausnews.austin.ibm.com...
