From Oracle Database 11g Instance STIG
Part of DBMS demonstration and sample databases
Demonstration and sample database objects and applications present publicly known attack points for malicious users. These demonstration and sample objects are meant to provide simple examples of coding specific functions and are not developed to prevent vulnerabilities from being introduced to the DBMS and host system.
From SQL*Plus: select username from dba_users where username in ('ALLUSERS', 'AOLDEMO', 'AQDEMO', 'AQJAVA', 'AQUSER', 'AUC_GUEST', 'BI', 'CTXDEMO', 'DEMO8', 'DEV2000_DEMOS', 'HR', 'IX', 'OE', 'ORABAMSAMPLES', 'PM', 'PORTAL_DEMO', 'PORTAL30_DEMO', 'QS', 'SCOTT', 'SECDEMO', 'SH', 'WK_TEST') or username like 'QS_%'; If any usernames are listed and are not documented in the System Security Plan and authorized by the IAO, this is a Finding. See MetaLink note 160861.1 for a list of Oracle database users and usages.
For the sample applications and schemas with the Oracle database installation, use the provided SQL scripts (if present) to remove the application objects and drop the demo users and schemas: From SQL*Plus: -- Human Resources application: @?/demo/schema/human_resources.hr_drop.sql -- Order Entry application: @?/demo/schema/order_entry/oe_drop.sql and oc_drop.sql -- Product Media application: @?/demo/schema/product_media/pm_drop.sql -- Information Exchange application: @?/demo/schema/information_exchange/ix_drop.sql -- Sales History application: @?/demo/schema/sales_history/sh_drop.sql For other demo applications, deinstall using the SQL command: drop user [demo username] cascade;
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer