Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oracle Sues SAP for Spidering Their Support Site

Posted by CowboyNeal on from the knock-it-off dept.

TodoInSATX writes "Oracle has filed a lawsuit against SAP. Among the claims made against SAP are violations of the Federal Computer Fraud and Abuse Act and California Computer Data Access and Fraud Act, Unfair Competition, Intentional and Negligent Interference with Prospective Economic Advantage and Civil Conspiracy. From the actual complaint: 'SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers. SAP gained repeated and unauthorized access, in many cases by use of pretextual customer log-in credentials, to Oracle's proprietary, password-protected customer support website.'"

6 of 148 comments (clear)

  1. Using customer logins? by Anonymous Coward · · Score: 5, Insightful

    That's slightly different than just spidering.

  2. Re:Personnally... by Anonymous Coward · · Score: 4, Insightful

    Ever heard of OTN?

    http://otn.oracle.com/ hosts the entire documentation library of every oracle product.

    There's also http://forums.oracle.com/

    All it takes is just a little looking around and you can find help...no need to blame Oracle for keeping everything under lock and key...because they certainly don't.

  3. Re:The actual suit.. by espressojim · · Score: 3, Insightful

    if your supposedly secure support site accepts "xx" and "ss" and "User" as valid logins to access support documents and what appears to be actual product downloads... well, what the hell?


    Please let me know what your algorithm is for a valid user name. As far as I know, they are free text (which seems perfectly valid.) As for the other information, it would pass your typical regex for validation. If oracle gets a phone number, should they call it to validate that the person has the same information as the login gave. Do you run a website that does something similar, and has the same number of hits the Oracle website does?

    I appreciate a holy-than-thou attitude, but please tell me what site YOU are in charge of the security for (and if I can then pass in crap like the above, then you're in for a nice big plate of humble pie, slashdot style.) Alternatively, you're talking out your ass.
  4. Re:The actual suit.. by ivan256 · · Score: 3, Insightful

    Please let me know what your algorithm is for a valid user name.


    I don't know what you do where you work, but here's the algorithm we use:

    • Collect money from the customer in exchange for a copy of our product.
    • Declare the user name chosen by the customer to be 'valid'.


    Any site that doesn't do a manual validity check should be considered to contain public content.

  5. Who would *steal* Oracle support? by Mongoose+Disciple · · Score: 4, Insightful

    Not that I'm an SAP fan either, but based on my experiences trying to get good answers out of Oracle's support materials in the past, I'm baffled as to why anyone would even want a copy of it.

    Don't get me wrong, there are projects where I'd still use Oracle even so, but if I need Oracle support documents I'm probably going to Google and ignoring any of the responses that go to oracle.com. Generally, some random yahoo on the internet has done a better job of explaining Oracle's products/bugs/problems.

  6. Re:What by the_womble · · Score: 3, Insightful

    It's only the third-largest software company in the world.

    Yes, but its hard to install their software on a PC in your parents' basement. Therefore, from the point of view of Slashdot, SAP does not exist.