privilege sysdba
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 10 of 10

Thread: privilege sysdba

  1. #1
    Join Date
    Nov 2000
    Posts
    440

    privilege sysdba

    In 8.1.7:
    i create a user with resource, connect and the user cannot connect as sysdba;




    In 9i:
    i create a user with resource, connect and the user is able to connect as sysdba!!! He can do anything, what the hell?

  2. #2
    Join Date
    Jan 2002
    Location
    Netherlands
    Posts
    1,587
    Well that's the objective of 9i. Open for all, so everyone can play dba..
    Naah kidding,
    Try some super user priv's as this user like shutdown abort and then see.
    Tarry Singh
    I'm a JOLE(JavaOracleLinuxEnthusiast)
    TarryBlogging
    --- Everything was meant to be---

  3. #3
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,333
    in 9i there is a init.ora parameter which needs to be changed

    forget which one is it, been mentioned a couple of times in this forum

  4. #4
    Join Date
    Sep 2002
    Location
    England
    Posts
    7,333
    its actually this


    Remove or comment out the SQLNET.AUTHENTICATION_SERVICES = (NTS) in your sqlnet.ora and that behavior will be gone.

    for further details.

    www.dbasupport.com/forums/sh...?threadid=29910

  5. #5
    Join Date
    May 2002
    Location
    California, USA
    Posts
    175

    Smile

    Things have changed since last version of 8i. That's why.

    Oracle trust the users already authenticated by the OS - "The friend of the OS is friend of mine too". Remove the AUTHENTICATION_SERVICES = (NTS) as suggested.


    Hope that helps,

    clio_usa
    OCP 8/8i/9i DBA

    Visit our Oracle DBA site

  6. #6
    Join Date
    Nov 2000
    Posts
    440
    So a hacker connect to my server, add the following line in my sqlnet
    SQLNET.AUTHENTICATION_SERVICES = (NTS)

    And connect scott/tiger as sysdba


    THIS IS THE EASIEST WAY TO HACK A DATABASE!!!!

    THEN WHY USE PASSWORD TO PROTECT A DATABASE!!!!!

  7. #7
    Join Date
    Jun 2000
    Location
    Madrid, Spain
    Posts
    7,447
    well you can disable it huh, just get rid of ORADBA group

    plus isnt your server suppose to be better protected against hackers than your database? (at least that's how I understand IT these days huh)

  8. #8
    Join Date
    Nov 2000
    Posts
    440
    Well, i personaly know hackers, and they connect on many servers with firewalls.

    So far, i was felling secure cuse i tought you needed the password of a user that have sysdba to do serious damage to a dabatase. But no.

  9. #9
    Join Date
    May 2002
    Posts
    2,645
    Hello? That's up to you to set how users can connect with or without sysdba privileges. That is not an Oracle problem; it is an Oracle user problem.

  10. #10
    Join Date
    Nov 2000
    Posts
    440
    Im tring to find a way to let sysdba and sysoper to sys, and dont let anyone else trying to connect and do serious damage, im not telling that Oracle has errors.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width