Security..

**Beejay** · 03-26-2003, 11:43 AM

Hi Guys

I can log on to oracle 9i sql plus using any user with any password as sysdba. How can i avoid that access becuase any one can access the DD views.

for ex if i say connect s/a as sysdba or connect p/o as sysdba or any alphabets or user name not in the user list its allowing the access. If you have any knowledge of it kndly let me know

Thanks
BeeJay

**bgill** · 03-26-2003, 12:00 PM

Hi,
are you using o/s authentication?
Is the username that you use to originally log into your system a member of dba group or OPS$ user in the database?

On my system (solaris 8) the 'oracle user is an OPS$ user in the database. If i log in as oracle I can then connect as sysdba in the same way that you are doing.

HTH

**bgill** · 03-26-2003, 12:14 PM

If you want to check OPS$ (or EXTERNAL) users you can do this

SVRMGR> select username, password from dba_users where password ='EXTERNAL';
USERNAME PASSWORD
------------------------------ ------------------------------
OPS$ORACLE EXTERNAL

In this case as long as my o/s login is as the 'oracle' user
i can do the following

login: oracle
Password:
Last login: Wed Mar 26 15:59:48 from 10.200.100.103
[suntest] /export/home/oracle# sqlplus /

SQL*Plus: Release 8.1.7.0.0 - Production on Wed Mar 26 16:13:38 2003

(c) Copyright 2000 Oracle Corporation. All rights reserved.

Connected to:
Oracle8i Enterprise Edition Release 8.1.7.2.0 - Production
JServer Release 8.1.7.2.0 - Production

SQL> sho user
USER is "OPS$ORACLE"
SQL> connect mickey/mouse as sysdba
Connected.
SQL> sho user
USER is "SYS"
SQL>

Hope this helps

**Beejay** · 03-27-2003, 11:23 AM

Thanks Bgill
For the reply..

No its not OS authenticated... by typing any alapbetes/password as sysdba its allwoing access.
Please reply if you have any idea about this

BeeJay

**bgill** · 03-27-2003, 11:41 AM

I did some more checking on this.
I found that you do not nescessarily need to be OPS$ user for this to happen. I found that I could do the same thing if my o/s login was as a user that was a member of the dba group.

What is your o/s ?

when you login at o/s level check if your o/s user is a member of the dba group.

**yanban** · 03-27-2003, 01:39 PM

see there the explanation given by Jmodic :

http://www.dbasupport.com/forums/sho...threadid=29910

**Beejay** · 04-01-2003, 10:28 AM

Thanks a lot YanBan.

Thazzz really a great link by Jurij Modic.Once again thanks for the help and support.

BJ

Thread: Security..

Thread Tools

Display

Security..

Posting Permissions