OS:Sol. 2.8
r:9i.2.0.4
DBA creates a test user with connect, resource priv !
the test user then does a
conn / as sysdba
>connected
How to now prevent this i.e any user can conn as sys ?
:)
Printable View
OS:Sol. 2.8
r:9i.2.0.4
DBA creates a test user with connect, resource priv !
the test user then does a
conn / as sysdba
>connected
How to now prevent this i.e any user can conn as sys ?
:)
Simple...
SHOOT THE GAWDAMN USER!!
Next time challenge me please.
You're probably authenticating at the OS level.
Well, this.....
conn / as sysdba
>connected
Has nothing to do with the id created.
I still say shoot em!!
Simple solution, "don't do that". Don't let the user connect directly to the server. Change the password. If they know the sys password, change it too.
Use a client installed program.
If they try "connect / as sysdba", they'll get "ORA-01031 - Insufficient Privileges"
Oh, and, yea..., don't forget to submit that TPS report, K
F^&*in A, i'm going home to watch Kung Fu.Quote:
Originally posted by KenEwald
Oh, and, yea..., don't forget to submit that TPS report, K
Axr2 - u're right on the dot..turns out the "DBA" is a developer transitioning to the exalted "DBA" role and was su -ing into a user in the dba group and creating the test user !!
Mr. Hanky - I may have to stop believing in arms control.....!!!
:D :D :D :D :D
Hi friends,
Is this still true in 10g? (AIX 5L)
I issued the command under oracle user:
$ sqlplus / as sysdba
ORA-01031: insufficient privileges
Thanks
Are you using password file authentication?
Actually this is what happened, posted yesterday in a hurry:
DBA creates a test user with connect, resource priv !
then connects as the test user and does a
conn / as sysdba
>connected
:)