C:\>sqlplus apex_040000/oracle@192.168.2.38/XE
SQL*Plus: Release 11.1.0.7.0 - Production on Sat Apr 2 13:33:24 2011
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Express Edition Release 11.2.0.2.0 - Beta
SQL> desc dba_users
Name Null? Type
—————————————– ——– —————————-
USERNAME NOT NULL VARCHAR2(30)
USER_ID NOT NULL NUMBER
PASSWORD VARCHAR2(30)
ACCOUNT_STATUS NOT NULL VARCHAR2(32)
LOCK_DATE DATE
EXPIRY_DATE DATE
DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)
TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)
CREATED NOT NULL DATE
PROFILE NOT NULL VARCHAR2(30)
INITIAL_RSRC_CONSUMER_GROUP VARCHAR2(30)
EXTERNAL_NAME VARCHAR2(4000)
PASSWORD_VERSIONS VARCHAR2(8)
EDITIONS_ENABLED VARCHAR2(1)
AUTHENTICATION_TYPE VARCHAR2(8)
SQL> select * from user_role_privs;
USERNAME GRANTED_ROLE ADM DEF OS_
—————————— —————————— — — —
APEX_040000 CONNECT NO YES NO
APEX_040000 RESOURCE YES YES NO
SQL> select * from user_sys_privs;
USERNAME PRIVILEGE ADM
—————————— —————————————- —
APEX_040000 CREATE TRIGGER YES
APEX_040000 CREATE SYNONYM YES
APEX_040000 UNLIMITED TABLESPACE YES
APEX_040000 ALTER SESSION NO
APEX_040000 CREATE JOB YES
APEX_040000 CREATE DIMENSION YES
APEX_040000 CREATE SEQUENCE YES
APEX_040000 CREATE TABLE YES
APEX_040000 ALTER USER NO
APEX_040000 CREATE USER NO
APEX_040000 CREATE SESSION YES
APEX_040000 CREATE OPERATOR YES
APEX_040000 ALTER DATABASE NO
APEX_040000 DROP USER NO
APEX_040000 CREATE INDEXTYPE YES
APEX_040000 CREATE MATERIALIZED VIEW YES
APEX_040000 CREATE VIEW YES
APEX_040000 CREATE CLUSTER YES
APEX_040000 CREATE ANY CONTEXT YES
APEX_040000 CREATE PROCEDURE YES
APEX_040000 DROP PUBLIC SYNONYM NO
APEX_040000 DROP TABLESPACE NO
APEX_040000 CREATE TABLESPACE NO
APEX_040000 CREATE TYPE YES
APEX_040000 CREATE ROLE NO
APEX_040000 CREATE PUBLIC SYNONYM NO
26 rows selected.
SQL>
危害:这个APEX用户,可以修改数据库中任何用户密码。
修复:安装数据库后,修改APEX用户默认密码
本文转自enables 51CTO博客,原文链接:http://blog.51cto.com/niuzu/578803,如需转载请自行联系原作者
