WebApp Sec mailing list archives

Deface a web site


From: "Leung, Annie LDB:EX" <annie.leung () bcliquorstores com>
Date: Mon, 6 Dec 2004 15:18:22 -0800

Hi list members,

The scenario is that a web site is running on a Windows 2000 machine with an
Oracle web/application server environment (Apache-based), J2EE, HTML. The
web application is deployed by logging in using the administrator account
(cloned from the original). That implies the web application runs with admin
privileges, right? Database and authentication details are on other servers.

Q1: What are the risks for a web application running with admin privileges?

Q2: In this scenario, is it easier, or is there no difference, when trying to
deface a web site? Does it really depend on how the pages are coded?

Any input would be appreciated. Thanks in advance.

Annie 
EDP Auditor




