Slashdot Mirror
Oracle Sues SAP for Spidering Their Support Site
TodoInSATX writes "Oracle has filed a lawsuit against SAP. Among the claims made against SAP are violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, Unfair Competition, Intentional and Negligent Interference with Prospective Economic Advantage and Civil Conspiracy. From the actual complaint:
'SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized
access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.'"
By making use of soon to expire passwords. They didnt exploit a flaw, they used credentials they were not authorized to use.
Ice Cream has no bones.
You do know that there is an alternative explanation for that? The sites in question may well let googlebot in without registering...
That little link to read the complaint actually includes rather shocking detail concerning how blatant SAP's misuse of the logins they used was. Not to mention the fact that they HAD to know they were leaving fingerprints left right and center, for example with one login they had downloaded 1800 distinct packages over 4 days, where the original user of the login was logging usage around 20 downloads per month.
Ice Cream has no bones.
It's only the third-largest software company in the world.
One has to wonder if there was a discount if you passed along your Oracle support credentials. That would be an interesting marketing strategy.
One problem is that these customers downloaded files which weren't supposed to be made available to them under the terms of their support contracts. Why were their accounts able to get to these files then? I'm not sure that Oracle would want to admit they can't control the security of their own website, even if it boosts the credibility of the rest of their complaint.
Skip the press release and go right to the Complaint. (IT IS A PDF!! You've been warned.)
.. paranoid crackpot leftover from the days of Amiga.
SAP is the largest software company in Europe.
SAP has over 17K customers and 27K employees worldwide with over half of the Fortune 500 being customers. Oracle and SAP are now basically the only big players in the ERP arena. ERP stands for Enterprise Resource Planning, basically the software that runs medium to large businesses. If you've been programming for 15 years and have never heard of SAP you have either worked in small companies or have worked in Peoplesoft, JD Edwards (both now Oracle comapanies), Infor, or Sage shops.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
FYI, the difference between your quote and mine is that you cited to the American Depository Receipts of SAP, not their actual stock. This is a depository receipt for the stock, not an actual share - but the price is generally a very close proxy to it. (See Wikipedia ADR entry)
And here is a link to Oracle's : robots.txt. Only this line "Disallow: /support/metalink/index.html" forbids access to the support/ branch. I am not sure this is enough...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Well, there are certain things that Slashdot readers are assumed to know. The name of the third largest software company in the world is one of those things. Also, the rude, short post that could have been answered in a five second trip to google or wikipedia didn't help either. If I were moderating, I think I would have gone for Troll, though.
>For instance, they have some kind of ORM tool, but JBoss bought Hibernate, which has now become nearly standard, as much of it is backed by/included with EJB 3. Adobe bought JRun from Alaire which, at the time, Oracle had the cash to purchase. Instead, as far as I know, Oracle chooses not to provide their own Servlet container. Furthermore, they probably could've bought BEA at some point, but chose not to. Arguably this could have made them be what it appears they're trying to become - an end to end solution for application development.
Oracle has a lot of technology revolving around Java. For example, the ORM you are talking about is TOPLINK (which they bought a while back). Several of their engineers worked on the JPA (Java Persistence API) JSR, along with some of the hibernate guys. The result, we now have JPA (which Toplink and Hibernate support) instead of the POS EJB2 specs. Oracle is open sourcing Toplink and you can use as your JPA provider if you wish (along with Hibernate, or OpenJPA from Apache). I personally would use either TopLink or Hibernate for JPA as both those products are well supported and are stable (they've been around for a while). In regards to the J2EE server, Oracle does have a J2EE container (which also includes a servlet engine), it's called OC4J (Oracle Container for J2EE). They've had that for a *REALLY* long time, it used to be called Orion (which is as old as the Jboss J2EE server).
Java is doing well in enterprise development. The big boys are all gearing their future towards it. Look at Oracle's Fusion which leverages their J2EE stack, SAP is also doing the Java/J2EE thing with their Netweaver platform. And let's not forget IBM's WebShere Java Portfolio. Then there's the other lesser 3-lettered company's like SUN, BEA and etc..
Nitpick: It actually was "Systemanalyse und Programmentwicklung" originally, but German confused Americans, so they changed it to something that would work in both languages. And now, like so many acronyms, it simply stopped being one.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
Quote: "don't get it. If SAP *did* steal Oracle's code, why would the *want* to do this? SAP is the number 1 application suite in use in the *world*. It doesn't make sense for them to steal code.
Could this lawsuit be nothing more than Larry being Larry?"
Because it wasn't just SAP AG (the packaged apps side of the house), but rather the TomorrowNow division of SAP, who *sells* 3rd party support for Oracle applications (JDE, PSoft, and Siebel). That why the support doc's, patches, and other info form the site was valuable. With that information TomorrowNow would be able to offer the same level of technical knowledge and patches as Oracle (that's where the $$ aspect of the suit comes in to play). Read the PDF on their site for more info on the suit. -JB