OraFAQ Forum: Server Administration » sys password changed by system

Home » RDBMS Server » Server Administration » sys password changed by system (Windows)

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

sys password changed by system [message #444103]

Thu, 18 February 2010 12:55

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

Here is an article to show a case when SYS password is changed by SYSTEM:

http://www.oracle-home.ro/Oracle_Database/Maintenance/System-can-change-sys-password.html

This behavior is not working on all the environments.

[Updated on: Thu, 18 February 2010 12:58]

Report message to a moderator

Re: sys password changed by system [message #444106 is a reply to message #444103]

Thu, 18 February 2010 12:59

Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Completly useless article.
Now I understand your 5 previous weak answers, the purpose was just to put a link to your site.

Regards
Michel

[Updated on: Thu, 18 February 2010 13:00]

Report message to a moderator

Re: sys password changed by system [message #444107 is a reply to message #444106]

Thu, 18 February 2010 13:00

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

Why ?

Report message to a moderator

Re: sys password changed by system [message #444108 is a reply to message #444107]

Thu, 18 February 2010 13:01

Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

In what it is useful?
Anyone knows how to change the password of a user.

Regards
Michel

Report message to a moderator

Re: sys password changed by system [message #444109 is a reply to message #444107]

Thu, 18 February 2010 13:02

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

You are right, but I want to understand why this is happening. How is possible for another user to change sys password ? Or is that link wrong ? It looks ok.

Report message to a moderator

Re: sys password changed by system [message #444110 is a reply to message #444109]

Thu, 18 February 2010 13:04

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

Yes, but ... not connected to the DB as a user <> from sys ...

Report message to a moderator

Re: sys password changed by system [message #444111 is a reply to message #444110]

Thu, 18 February 2010 13:09

Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Anyone that has ALTER USER privilege can do it.

Database SQL Reference
ALTER USER

The only interesting question is "when and why it is not possible, if sometimes it is not possible".

Regards
Michel

[Updated on: Thu, 18 February 2010 13:09]

Report message to a moderator

Re: sys password changed by system [message #444113 is a reply to message #444111]

Thu, 18 February 2010 13:49

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

You can change the sys password in 10.2 if REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE or NONE.

ALTER USER privilege is found in the DBA role. DBA role is granted to the SYSTEM by default => SYSTEM can change SYS password by default.

Changing SYS password by SYSTEM is possible, and you send me the link to the documentation which underline that this is possible. This is possible, but I find it as a security issue ... What is your opinion ?

Thanks,
Cristi

[Updated on: Thu, 18 February 2010 14:00]

Report message to a moderator

Re: sys password changed by system [message #444144 is a reply to message #444113]

Thu, 18 February 2010 21:01

ramoradba
Messages: 2457
Registered: January 2009
Location: AndhraPradesh,Hyderabad,I...

Senior Member

> I find it as a security issue

It depends on your security implementations.....
Who asked/suggested you to grant all un neccesary privileges and roles to a normal one.
More over if you feel like that you should really read the Oracle documents they will suggest you well...

sriram Smile

Report message to a moderator

Re: sys password changed by system [message #444155 is a reply to message #444113]

Thu, 18 February 2010 23:24

Michel Cadot
Messages: 68718
Registered: March 2007
Location: Saint-Maur, France, https...

Senior Member
Account Moderator

Quote:

This is possible, but I find it as a security issue ... What is your opinion ?

It depends on your environment and policy.
In ours, parameter is set to NONE, SYS password is set to a random 30 characters string, so no one but those that have a local account in OS dba group can connect as SYS.
In addition, no one as DBA role and SYSTEM account is locked.
However, our dbas have of course ALTER USER privilege (through another role) to do their job but they are not allowed to change SYS password (this is logged) and more this is useless for them.

Regards
Michel

Report message to a moderator

Re: sys password changed by system [message #444174 is a reply to message #444144]

Fri, 19 February 2010 01:28

cristi_Buc
Messages: 12
Registered: February 2010
Location: Bucharest

Junior Member

sriram, SYSTEM is not a normal user, you know ...

Michel, thanks for your response (It's clear for me now). Much appreciated.

Cristi

Report message to a moderator

Previous Topic:	Oracle Patch Application
Next Topic:	indexes to be rebuild

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Mon Dec 02 23:29:10 CST 2024