-
Security of SYS account
I m using Oracle 9i and I am facing one problem about logging on the database using sysdba.
I have learnt about OS Authentication and about Password file Authentication for restricting database users from entering into the database using Connect <>/<>@db as SYSDBA.
Lets say i opt for password file authetication and set a password for sys but this password can be altered by any one who knows that by executing ORAPWD the password for sys can be altered.
Now how can i protect my sys account's password.
Thanks
-
you lock down the os account so no-one can run orapwd apart from the oracle account
-
Hi.
There are some things in life you have to deal with, one of which is that your sysadmins that have root access are database Gods if they choose to be. If they figure out how to do "su - oracle" they've got it made.
Your options are to live with it or deny them root access. I do the latter. I realize most DBAs are at the mercy of their sysadmins, but I'm a bit more annoying than your average DBA
Cheers
Tim...
-
Thats one of the posts I'd be tempted to delete, just in case any wandering SysAdmins or Developers come across this forum.
Ths situation in our place is so bad that Developers were given SySAdmin privs on Oracle Production servers, by SysAdmins (actually, they just GAVE them the same God-like userids and passwords!) and now they can't change them because so much network stufff and so many utlities will go belly up if the passwords change.
At times, I cringe.
-
Originally Posted by TimHall
I realize most DBAs are at the mercy of their sysadmins, but I'm a bit more annoying than your average DBA
Lets just leave that alone...
Jeff Hunter
-
Originally Posted by JMac
Ths situation in our place is so bad that Developers were given SySAdmin privs on Oracle Production servers, by SysAdmins (actually, they just GAVE them the same God-like userids and passwords!) and now they can't change them because so much network stufff and so many utlities will go belly up if the passwords change.
Well, you need management to come down with an edict saying the DBAs administer the database, sysadmins administer the system. Get to know your sysadmins really well and let them do their thing and they'll get out of your business.
Jeff Hunter
-
Most sysadmins tends to look at themselves as small god over the DBAs which is very annoying, but the best is for every body to know their job functions according to Marist.
The question is, is thier nothing the DBAs can do to prove them wrong?
thanks
The purpose of life is a life of purpose.
-
Originally Posted by davey23uk
you lock down the os account so no-one can run orapwd apart from the oracle account
Or simply rename/hide the file and make sure you remember what you renamed it to or where you hide it
Amar
"There is a difference between knowing the path and walking the path."
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|