Database Reference
In-Depth Information
NAME
----------------------------------------------------------------
PDB
--------------------------------------------------------------------------------
SYS$BACKGROUND
CDB$ROOT
SYS$USERS
CDB$ROOT
orcl3XDB
CDB$ROOT
NAME
----------------------------------------------------------------
PDB
--------------------------------------------------------------------------------
orcl3
CDB$ROOT
However, you can query the cdb_pdbs view. This view shows the seed. For example:
SYS@orcl3>select pdb_name, status from cdb_pdbs;
PDB_NAME
--------------------------------------------------------------------------------
STATUS
-------------
PDBORCL
NORMAL
PDB$SEED
NORMAL
We can change our 12c “view” to the seed database as follows:
SYS@orcl3>alter session set container=PDB$SEED;
Session altered.
Then from within the seed we can select the users and carry out all the previous security checks on that seed
database, such checking for default user passwords. For example:
SYS@orcl3>SELECT PASSWORD FROM SYS.USER$ WHERE NAME='DBSNMP';
PASSWORD
--------------------------------------------------------------------------------
E066D214D5421CCC
The lesson from this is to spend extra effort making sure that the security is exactly right for the seed database, as
it will eventually be multitudinous. We will discuss policies and standards in the following section. First, the notion
of distributed attacks will be expanded upon in the next chapter on architecture, which includes an in-depth look
at EM12c. If the EM repository gets hacked there is a distributed problem. So, if an attacker could backdoor a large
distributed system, the need for a distributed response is increased.