DBAsupport.com Forums - Powered by vBulletin

Thread: For All DBA's Look in This

  1. #1
    Join Date
    May 2001
    Posts
    41
    Can any one help in this...?

    See, if you create a user and just grant connect, resource, then that user can connect that ordinary user as sysdba, then they can change any other's or system's password..?

    Okay.....

    And the users connecting through SQL*Plus can change their own password without asking the DBA.
    Just by typing in SQL*Plus
    SQL> password
    Changing password for DEMO
    Old password: ****
    New password: **
    Retype new password: **
    Password changed

    and
    SQL> alter user demo identified by ok;

    User altered.


    Please tell me how to protect against this....

    I am not granted dba or any other privileges...

    This new version supports very much for users and there is no protection...


  2. #2
    Join Date
    Nov 2000
    Location
    Israel
    Posts
    268
    Hi,
    you can create a profile or role and grant the role/profile to user disabling him the change password option.

    regards.

  3. #3
    Join Date
    May 2001
    Posts
    41
    Originally posted by rotem_fo
    Hi,
    you can create a profile or role and grant the role/profile to user disabling him the change password option.

    regards.
    No man

    You can create a profile or anything, this version itself supports. Please try and see.... Really..

    Those things were also done....


  4. #4
    Join Date
    Mar 2000
    Location
    Chennai.Tamilnadu.India.
    Posts
    658

    Solution

    Hi, 21st May 2001 16:36 hrs Chennai

    The DBA has got all privileges to reset a user's password.

    But an ordinary user cannot change others' passwords.

    The password command helps the currently logged-in user to change his password.

    The syntax alter user username identified by pwd helps in general the DBA or the user to change the password of any user, based on the privilege you have.

    Let's take a scenario like this
    ===================

    A user cannot connect and change the password of others unless internal grants sysdba to the user like

    >grant sysdba to username;

    then the user will connect as

    connect username/pwd as sysdba

    He can now change the password of even sys but not of internal.

    The internal pwd can be set from orapwd or from oradim from the server side.

    So connecting as internal you can reset all users from sys to system etc..

    So the DBA always knows to whom he should grant sysdba. Definitely not to mischief makers.

    Here is a situation which happened to me.

    Even if a user writes a logon trigger from his account from the client side, it locks all the accounts from connecting. Finally I connected as internal, then disabled the particular trigger in that schema.

    So the DBA can well manage this kind of situation.

    Even if the DBA forgets the internal password, as I have told above, he can set up a new password as said above from his server side. Of course you will be well aware the server system is well protected from entry.

    So now you will be clear the DB is well secured.

    Cheers

    Padmam

    [Edited by padmam on 05-21-2001 at 08:24 AM]
    Attitude: Attack every problem with enthusiasm ...as if your survival depends upon it
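
The SYSDBA grants, the ALTER USER privilege and the logon-trigger situation discussed in post #4 can all be reviewed from the data dictionary. The script below is an added example, not part of any post in this thread; it assumes a session allowed to read V$PWFILE_USERS and the DBA_ views, and `demo` in the last statement stands for the account created in post #1.

```sql
-- Added audit example (not from the thread). Run as a DBA account.

-- 1. Accounts listed in the password file, i.e. those that may
--    CONNECT ... AS SYSDBA / AS SYSOPER.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 2. Users and roles holding ALTER USER, the privilege that lets a
--    non-SYSDBA session run "alter user <other> identified by ...".
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'ALTER USER'
ORDER  BY grantee;

-- 3. Who receives ALTER USER indirectly, through a role found in step 2.
SELECT rp.grantee, rp.granted_role, rp.admin_option
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (SELECT sp.grantee
                           FROM   dba_sys_privs sp
                           WHERE  sp.privilege = 'ALTER USER')
ORDER  BY rp.grantee, rp.granted_role;

-- 4. Logon triggers and their owners. A failing or invalid logon trigger
--    is the lock-out case described in post #4; STATUS shows whether it
--    is still enabled. LIKE is used because the event text may be padded.
SELECT owner, trigger_name, base_object_type, triggering_event, status
FROM   dba_triggers
WHERE  triggering_event LIKE '%LOGON%'
ORDER  BY owner, trigger_name;

-- 5. Remove SYSDBA from an account that should not appear in step 1.
--    "demo" is the sample user from post #1; substitute the real name.
-- REVOKE SYSDBA FROM demo;
```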
