Security Question

Printable View

09-18-2003, 12:26 AM
newcomer

Security Question

Hi All,

Once the database has been created I changed the default password for System and Sys. But later, just to make sure, when I tried

$ Sqlplus /nolog
$ conn sys/< old password or any other word as password> as sysdba

It is connecting to the database and allowing me to query the dictionary tables. It is really strange to me.

Did I make any mistake? Or I have to do something else to restrict that?

Please give me the solution.
09-18-2003, 12:47 AM
mdash

That means u are connecting to database using Operating system authentication .
09-18-2003, 12:52 AM
newcomer

How can I?

1. I donot have any O/S user as SYS
2. I did not create any O/S authentication user as externally.

Friends, can you please put some of ur valuable inputs.

Thanks
09-18-2003, 01:01 AM
mdash

What is the operating system u are using .
09-18-2003, 02:58 AM
mdash

Check the Os login id may be part of ora_dba group (if nt)
or dba group (if unix)
09-18-2003, 03:28 AM
yanban

In your sqlnet.ora if you have SQLNET.AUTHENTICATION_SERVICES = (NTS), Oracle will rely on the OS.

Delete/comment that line to "avoid" this.
09-18-2003, 03:43 AM
wengyan

1 Attachment(s)

ORACLE Authentication
09-18-2003, 03:45 AM
wengyan

On Unix,u can set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in init.ora.
On WinNT,set SQLNET.AUTHENTICATION_SERVICES = (NONE) on sqlnet.ora
and set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in init.ora.

All times are GMT -4. The time now is 03:27 AM.