Oracle数据库11.2 Express Edition Beta 版有默认的APEX用户和默认密码

C:\>sqlplus apex_040000/oracle@192.168.2.38/XE

SQL*Plus: Release 11.1.0.7.0 - Production on Sat Apr 2 13:33:24 2011

Copyright (c) 1982, 2008, Oracle. All rights reserved.

Connected to:

Oracle Database 11g Express Edition Release 11.2.0.2.0 - Beta

SQL> desc dba_users

Name Null? Type

—————————————– ——– —————————-

USERNAME NOT NULL VARCHAR2(30)

USER_ID NOT NULL NUMBER

PASSWORD VARCHAR2(30)

ACCOUNT_STATUS NOT NULL VARCHAR2(32)

LOCK_DATE DATE

EXPIRY_DATE DATE

DEFAULT_TABLESPACE NOT NULL VARCHAR2(30)

TEMPORARY_TABLESPACE NOT NULL VARCHAR2(30)

CREATED NOT NULL DATE

PROFILE NOT NULL VARCHAR2(30)

INITIAL_RSRC_CONSUMER_GROUP VARCHAR2(30)

EXTERNAL_NAME VARCHAR2(4000)

PASSWORD_VERSIONS VARCHAR2(8)

EDITIONS_ENABLED VARCHAR2(1)

AUTHENTICATION_TYPE VARCHAR2(8)

SQL> select * from user_role_privs;

USERNAME GRANTED_ROLE ADM DEF OS_

—————————— —————————— — — —

APEX_040000 CONNECT NO YES NO

APEX_040000 RESOURCE YES YES NO

SQL> select * from user_sys_privs;

USERNAME PRIVILEGE ADM

—————————— —————————————- —

APEX_040000 CREATE TRIGGER YES

APEX_040000 CREATE SYNONYM YES

APEX_040000 UNLIMITED TABLESPACE YES

APEX_040000 ALTER SESSION NO

APEX_040000 CREATE JOB YES

APEX_040000 CREATE DIMENSION YES

APEX_040000 CREATE SEQUENCE YES

APEX_040000 CREATE TABLE YES

APEX_040000 ALTER USER NO

APEX_040000 CREATE USER NO

APEX_040000 CREATE SESSION YES

APEX_040000 CREATE OPERATOR YES

APEX_040000 ALTER DATABASE NO

APEX_040000 DROP USER NO

APEX_040000 CREATE INDEXTYPE YES

APEX_040000 CREATE MATERIALIZED VIEW YES

APEX_040000 CREATE VIEW YES

APEX_040000 CREATE CLUSTER YES

APEX_040000 CREATE ANY CONTEXT YES

APEX_040000 CREATE PROCEDURE YES

APEX_040000 DROP PUBLIC SYNONYM NO

APEX_040000 DROP TABLESPACE NO

APEX_040000 CREATE TABLESPACE NO

APEX_040000 CREATE TYPE YES

APEX_040000 CREATE ROLE NO

APEX_040000 CREATE PUBLIC SYNONYM NO

26 rows selected.

SQL>

危害：这个APEX用户，可以修改数据库中任何用户密码。

修复：安装数据库后，修改APEX用户默认密码