I used to work for a medical lab software company. While we didn't rent our software to labs, we did charge support and maintenance, which included free upgrades, etc. As part of each contract, we notified the client that the source code was placed in escrow: in the event that we went under, all clients got free access to the source so that they could maintain it, or hire others to maintain / enhance, etc.
Seems like the same deal might work for rentals, *IF* (and I know it's a big if...) you have the clout to insist on this from the software firm.
Oracle has two equally critical accounts, SYSTEM and SYS, with well-known default passwords of "manager" and "change_on_install". Fail to change those, and your Oracle db is just as open as a blank-password sa account on m$ sqlserver.
MySQL (I'm rusty here: correct me if I'm wrong) also defaults the root user to no password, like the m$ sa user.
Not defending m$: Just pointing out that this is fairly common practice, and that there is indeed some responsibility to "know what you're doing" when opening a database up to the world...
Yikes -- of course, you're entirely correct. I even previewed my post before submitting, and still got it wrong ;-(
Thanks very much for the clarification; the problem was indeed occurring on upgrading to 2.2.8.
Regards,
BillyG
Some people have had problems with Oracle on Linux after upgrading to 2.2.9. Matthew (mattshouse.com, an Oracle / Linux) emailed Alan Cox with some details, and received this response, which seems germane to this discussion...
(Matthew wrote)
>I just received this e-mail from Alan Cox:
>>2.2.8 has an fs deadlock and an exploitable remote network crash problem.
>>2.2.9 will be appearing rather shortly
(end quoted email)
Oracle users should definitely avoid 2.2.8, and it would seem that the problems Alan notes could affect non-Oracle things as well, hmmm?
Best Regards,
BillyG.