A brain teaser ?

**cruser3** · 03-16-2005 02:42 PM

OS:Sol. 2.8
r:9i.2.0.4

DBA creates a test user with connect, resource priv !
the test user then does a

conn / as sysdba
>connected

How to now prevent this i.e any user can conn as sys ?

**Mr.Hanky** · 03-16-2005 02:59 PM

Simple...

SHOOT THE GAWDAMN USER!!

Next time challenge me please.

**Axr2** · 03-16-2005 03:05 PM

You're probably authenticating at the OS level.

**Mr.Hanky** · 03-16-2005 03:17 PM

Well, this.....
conn / as sysdba
>connected

Has nothing to do with the id created.

I still say shoot em!!

**KenEwald** · 03-16-2005 03:43 PM

Simple solution, "don't do that". Don't let the user connect directly to the server. Change the password. If they know the sys password, change it too.

Use a client installed program.

If they try "connect / as sysdba", they'll get "ORA-01031 - Insufficient Privileges"

Oh, and, yea..., don't forget to submit that TPS report, K

**Mr.Hanky** · 03-16-2005 03:52 PM

Originally posted by KenEwald

Oh, and, yea..., don't forget to submit that TPS report, K

F^&*in A, i'm going home to watch Kung Fu.

**cruser3** · 03-16-2005 04:12 PM

Axr2 - u're right on the dot..turns out the "DBA" is a developer transitioning to the exalted "DBA" role and was su -ing into a user in the dba group and creating the test user !!

Mr. Hanky - I may have to stop believing in arms control.....!!!

**kris123** · 03-16-2005 08:23 PM

Hi friends,

Is this still true in 10g? (AIX 5L)
I issued the command under oracle user:

$ sqlplus / as sysdba
ORA-01031: insufficient privileges

Thanks

**waitecj** · 03-17-2005 04:30 AM

Are you using password file authentication?

**cruser3** · 03-17-2005 10:46 AM

Actually this is what happened, posted yesterday in a hurry:

DBA creates a test user with connect, resource priv !
then connects as the test user and does a

conn / as sysdba
>connected

Thread: A brain teaser ?

Thread Tools

Display

A brain teaser ?

Gotcha..!!!

Bookmarks

Bookmarks

Posting Permissions