5 Replies Latest reply: May 2, 2012 3:38 PM by 677044 RSS

    Changing XS$NULL's password

    AliD
      Hi,

      I have a security audit to not have any user with default password in 11gr1. This can be queried from
      select username,account_status
      from dba_users
      where username in
      (SELECT username
      FROM dba_users_with_defpwd)
      Now, I understand XS$NULL is not real user and documentation says *"An internal account that represents the absence of a user in a session. Because XS$NULL is not a user, this account can only be accessed by the Oracle Database instance. XS$NULL has no privileges and no one can authenticate as XS$NULL, nor can authentication credentials ever be assigned to XS$NULL."*

      But what happens if I change its password? Will some functionality break?
        • 1. Re: Changing XS$NULL's password
          sb92075
          But what happens if I change its password?
          what SQL would you issue to accomplish this change?
          Will some functionality break?
          After you change it, report back what you learned.
          • 2. Re: Changing XS$NULL's password
            AliD
            Hi SB,
            what SQL would you issue to accomplish this change?
            AFAIK there's two ways to change a password, either use "alter user identified by" or insert the hashed password into sys.usesr$ (in 11g you need both DES and SHA-1 hashes). You could easily guess which one I pick.
            After you change it, report back what you learned.
            I will change it after I learn what will happen.
            • 3. Re: Changing XS$NULL's password
              AliD
              FYI, Reply from Oracle Support:

              "If you do this then the XS feature will not work anymore. Please do not change the password of this user."
              • 4. Re: Changing XS$NULL's password
                859830
                Ok! Thanks for this help, but... what is this XS feature?
                • 5. Re: Changing XS$NULL's password
                  677044
                  XS$NULL have no any objects in XE 11g R2default installation. Checked from obj$ with owner#=2147483638.
                  Excluded from normal export and datapump export.
                  Excluded from Data Guard Logical Standby activity monitoring support.
                  Hidden any future objects from all sys views.
                  XS$NULL related with XDB schema list.
                  Database contain some XSD under /xs/
                  Oracle rdbms SQLs talk about Fusion and Security.

                  Maybe some advanced security option from Fusion Middleware...

                  Oh, and I found a little mispelling in /xs/roleset.xsd:
                  "DESCRIPTION
                  Register XS Role SEt schema"

                  "Set" typed as "SEt" :)