I would like to consider the changing of my sys & system accounts to help thwart off hackers.
I have utilized the list of known username/password combinations available at Finnigan.com to eliminate the "easy guess".
Why give them half the information they need anyway!!
I cannot recall encountering this at any of the sites I have worked at.
I am either innovative or a damn fool.
Wouldn't the new account with equal elevated privileges be considered a "backdoor" into the DB, and therefore a larger liability than having the default username(s) in place?
Would I encounter issues in the periodic admin requirements like on/offlining resources? Tablespaces etc? Starting stopping?
Patching?
Pros - cons - pitfalls?
Thanks for your reply!
E
Locking the system and sys accounts is viable; I do this on all the databases I manage. You can still / as sysdba when logged into the host and applying patches etc. What do you mean by changing? You're not suggesting creating a new user that will own all the objects that sys currently owns, are you?
Actually I was considering another user with dba privileges, but with the SYSTEM account apparently not required to be in an unlocked/enabled state, and the connect / as sysdba working for me, I wouldn't need the additional account.
That's fine then, though if you want to connect as sysdba over the network then you wouldn't be able to do this if sys was locked and you didn't have another user set up.
I was told, but I have not tested, that the sys account cannot be locked.
If you lock it you will get acknowledgement that the lock occurred, but a connect will still work.