-
privilege sysdba
In 8.1.7:
i create a user with resource, connect and the user cannot connect as sysdba;
In 9i:
i create a user with resource, connect and the user is able to connect as sysdba!!! He can do anything, what the hell?
-
Well that's the objective of 9i. Open for all, so everyone can play dba..
Naah kidding,
Try some super user priv's as this user like shutdown abort and then see.
Tarry Singh
I'm a JOLE(JavaOracleLinuxEnthusiast)
--- Everything was meant to be---
-
in 9i there is a init.ora parameter which needs to be changed
forget which one is it, been mentioned a couple of times in this forum
-
its actually this
Remove or comment out the SQLNET.AUTHENTICATION_SERVICES = (NTS) in your sqlnet.ora and that behavior will be gone.
for further details.
www.dbasupport.com/forums/sh...?threadid=29910
-
Things have changed since last version of 8i. That's why.
Oracle trust the users already authenticated by the OS - "The friend of the OS is friend of mine too". Remove the AUTHENTICATION_SERVICES = (NTS) as suggested.
Hope that helps,
clio_usa
OCP 8/8i/9i DBA
Visit our Oracle DBA site
-
So a hacker connect to my server, add the following line in my sqlnet
SQLNET.AUTHENTICATION_SERVICES = (NTS)
And connect scott/tiger as sysdba
THIS IS THE EASIEST WAY TO HACK A DATABASE!!!!
THEN WHY USE PASSWORD TO PROTECT A DATABASE!!!!!
-
well you can disable it huh, just get rid of ORADBA group
plus isnt your server suppose to be better protected against hackers than your database? (at least that's how I understand IT these days huh)
-
Well, i personaly know hackers, and they connect on many servers with firewalls.
So far, i was felling secure cuse i tought you needed the password of a user that have sysdba to do serious damage to a dabatase. But no.
-
Hello? That's up to you to set how users can connect with or without sysdba privileges. That is not an Oracle problem; it is an Oracle user problem.
-
Im tring to find a way to let sysdba and sysoper to sys, and dont let anyone else trying to connect and do serious damage, im not telling that Oracle has errors.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|