|
-
I have installed Oracle 8.1.5.0.0 on Windows NT 4.0.
In SQL*Plus, I find a very strange phenomenon: Every user (even a very common one) can be promoted as a sysdba by the following simple command:
connect / as sysdba;
Then the user is able to act as the super-user sys and even shutdown the database.
It means that there is not any security for the DB? I doubt that there must be some mechanism to prevent it.
moonriver
-
I think your probably doing it on your machine.
connect / as sysdba is (i think) OS authenticated. If your logged on as a system administrator then you can log on as sysdba.
If you try logging onto NT as non sys-admin and try again to test this.
-
sysdba is a very special role which can only be granted to specefic users by the 'internal' user who creates (and therefore knows the password) the password file.
Not everyone can connect as sysdba.
If it is happening, it is because of implementing OS authentication in which any user logging in the OS as a priveleged system administrator is automatically granted the sysdba role in Database.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote