14

When installed, and depending on which options it is installed with, there are a bunch of standard users pre-created in Oracle. Additionally, third-party software often has its own set of schemas/users that will be created in the database as part of the application install or setup.

Is there a list of these users, preferably with the 'source' (such as Standard oracle user, Application XXX)?

This would assist me in auditing which users are needed and which might be superfluous. Default passwords would also be useful to confirm that the defaults are not usable.

e-sushi
  • 1,296
  • 2
  • 14
  • 41
Gary
  • 884
  • 7
  • 12

1 Answers1

7

An excellent starting point is the list on Pete Finnegan's website. [I'm not employed by him or his company. ]

Usernames in the format APEX_nnnnnn or FLOWS_nnnnnn (also APEX_PUBLIC_USER) are associated with the Application Express component of Oracle. This is an optional component in 9i and 10g, but is part of the standard install for an Oracle 11g database (and the XE edition of 10g).

http://www.petefinnigan.com/default/oracle_default_passwords.htm

Gary
  • 884
  • 7
  • 12
  • 1
    Also not working for him, but he does have some bloody good Oracle security auditing tools. Check out http://www.cervello.co.uk/ – Rory Alsop Dec 30 '10 at 02:21