-
Security Question
Hi All,
Once the database has been created I changed the default password for System and Sys. But later, just to make sure, when I tried
$ Sqlplus /nolog
$ conn sys/< old password or any other word as password> as sysdba
It is connecting to the database and allowing me to query the dictionary tables. It is really strange to me.
Did I make any mistake? Or I have to do something else to restrict that?
Please give me the solution.
-
That means u are connecting to database using Operating system authentication .
-
How can I?
1. I donot have any O/S user as SYS
2. I did not create any O/S authentication user as externally.
Friends, can you please put some of ur valuable inputs.
Thanks
-
What is the operating system u are using .
-
Check the Os login id may be part of ora_dba group (if nt)
or dba group (if unix)
-
In your sqlnet.ora if you have SQLNET.AUTHENTICATION_SERVICES = (NTS), Oracle will rely on the OS.
Delete/comment that line to "avoid" this.
-
1 Attachment(s)
-
On Unix,u can set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in init.ora.
On WinNT,set SQLNET.AUTHENTICATION_SERVICES = (NONE) on sqlnet.ora
and set REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE in init.ora.