I'm applying security on the DB and my 1st step was to identify users that have the same p/w as their id.
I would like to know whether a user (password same as user id) with read-only privileges, which is used by many people for retrieving data, is secure or not. What I mean is: will having the password the same as the user id in this case pose any threat to the DB? Is there a way to hack the DB by using this acct?
It really depends.
Any time someone accesses your system who isn't supposed to, it should be considered a breach in security. They have just gained access to vital information that they shouldn't be seeing.
They may be able to use this information to login by a different method.
For a simplistic example, what if that user was able to read the DBA_USERS view in Oracle? They now have every user defined to the system. As you know, oftentimes users pick passwords that are easily hacked by vital information about themselves. So a real threat is there.
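
One way to check the DBA_USERS exposure described in the reply above, as an added example that is not part of the original posts: an Oracle query, run as a DBA, listing every grant path that lets the shared account read DBA_USERS. The account name REPORT_RO is a hypothetical placeholder; any row returned is a grant to review.

```sql
-- Added example: can the shared read-only account read DBA_USERS?
-- REPORT_RO is a hypothetical account name; substitute the real one.
WITH grantees AS (
    -- The account itself, PUBLIC, and every role it holds,
    -- directly or through other roles.
    SELECT 'REPORT_RO' AS grantee FROM dual
    UNION
    SELECT 'PUBLIC' FROM dual
    UNION
    SELECT granted_role
    FROM   dba_role_privs
    START WITH grantee = 'REPORT_RO'
    CONNECT BY PRIOR granted_role = grantee
)
-- Path 1: an object grant on the view, to the account, PUBLIC, or one of its roles
-- (this also catches SELECT_CATALOG_ROLE when the account holds it).
SELECT 'object grant' AS path,
       p.grantee,
       p.privilege || ' on ' || p.owner || '.' || p.table_name AS detail
FROM   dba_tab_privs p
WHERE  p.table_name = 'DBA_USERS'
AND    p.grantee IN (SELECT grantee FROM grantees)
UNION ALL
-- Path 2: a system privilege that opens the whole data dictionary.
SELECT 'system privilege',
       s.grantee,
       s.privilege
FROM   dba_sys_privs s
WHERE  s.privilege = 'SELECT ANY DICTIONARY'
AND    s.grantee IN (SELECT grantee FROM grantees);
```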