Monday, January 14, 2008

Security Issues
Oracle applications has some Security issues. I have identified some of Security issues in oracle applications. if you know apps schema password you can create the Oracle applications User and also validate the password.
1) The following is used to create the oracle application user from Apps Schema.
declare
usr_id varchar2(200);
ret varchar2(200);
begin
ret:=fnd_web_sec.create_user('TRIGER','Welcome1',usr_id);
if (ret is not null ) then
dbms_output.put_line('User has created '||usr_id);
else
dbms_output.put_line('User has creation failed due to ||'SQLERRM);
end if;
end;

Commit;
/
Here Username : TRIGER
Initial Password : Welcome1
In this case User_id and CREATED_BY both are same.So it is difficult to Others identify who has created this.
Use following query for more clarity

select * from fnd_user
where user_name like 'TRIGGERS%'
2) To Validate the Login and password
declare
ret varchar2(20);
Begin
ret:=fnd_web_sec.validate_login('TRIGGERS','Welcome1');
if ret='Y' then
dbms_output.put_line('Password is Correct');
else
dbms_output.put_line('Password is InCorrect');
end if;
end;
Same as you can attempt with SYSADMIN Password .
3) Use the following Script adding responsibilities from Apps schema

2 comments:

Anonymous said...

Good

Anonymous said...

good