When it comes to SQL Server authentication brute-force attack vulnerability, the situation is not so favorable. SQL Server Authentication has no features that allow detecting when the system is under a brute-force attack. Moreover, SQL Server is very responsive when it comes to validating the SQL Server authentication credentials. It can easily handle repeated, aggressive, brute-force login attempts without negative overall performance that might indicate such attacks. This means that the SQL Server Authentication is a perfect target for password cracking via brute-force attacks
Also, brute-force methods are evolving with each newly introduced encryption and password complexity method. For example, attackers that use rainbow tables (the pre-computed tables for reversing the cryptographic hash values for every possible combination of characters) can easily and quickly crack any hashed password
Ondrej Krehel, CISSP, CEH, CEI, EnCE, is the founder and principal of LIFARS LLC, an international cybersecurity and digital forensics firm. He's the former Chief Information Security Officer of Identity Theft 911, the nation's premier identity theft recovery and data breach management service. He previously conducted forensics investigations and managed the cyber security department at Stroz Friedberg and the Loews Corporation. With two decades of experience in computer security and digital forensics, he has launched investigations into a broad range of IT security matters, from hacker attacks to data breaches to intellectual property theft. His work has received attention from CNN, Reuters, The Wall Street Journal, and The New York Times, among many others.
Hi Mike,just downloaded the 20190823 version of autoupgrade.jar.During analyze run I got the error UPG-1316.In the log file:2019-09-10 13:26:42.400 ERROR============================ check info ============================[LXTOID2][DISK_SPACE_FOR_RECOVERY_AREA][ERROR]============================ check info ======================================================= trace start ==============================Exception: IOExceptionErr message: Unable to determine the amount of usable free space available on +lxtoid2_fra_dgoracle.upgrade.commons.helpers.Utilities.getUsableSpace(Utilities.java:682)oracle.upgrade.commons.dbinspector.checks.disk_space_for_recovery_area.checkCode(disk_space_for_recovery_area.java:89)oracle.upgrade.commons.dbinspector.Check.presentInDb(Check.java:227)oracle.upgrade.commons.dbinspector.CheckTrigger.call(CheckTrigger.java:72)oracle.upgrade.commons.dbinspector.CheckTrigger.call(CheckTrigger.java:40)java.util.concurrent.FutureTask.run(FutureTask.java:266)java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)java.lang.Thread.run(Thread.java:748)
can you try creating a GRP by yourself, and drop it afterwards?Can you check parameters db_recovery_file_dest_size and db_recovery_file_dest?Do you use upg1.restoration=NO explicitly, or do you run with the default assuming that the database in in ARCHIVELOG mode?And finally, do you have an SR open where we can check the logs? 2b1af7f3a8