OraFAQ Forum: Security » administrator account and security !

Home » RDBMS Server » Security » administrator account and security !

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

administrator account and security ! [message #60536]

Fri, 13 February 2004 01:32

christophe
Messages: 2
Registered: February 2004

Junior Member

hello with all,

a small question about the accounts created by the base,
following the creation of a base.

there are counts created by defect:
- scott/tiger
- system
- sys
- and another

I modified the accounts sys and system at the time of creation bases.
However I can always connect myself under sql+ with "connect titi/titi
have sysdba" or "connect/have sysdba".

How to block this possibility, because no matter who can connect
himself to the base. Thus, with "connect titi/titi have sysdba", I can
lock the account of "scott". I do not manage to find infos.

server and client are on the same pc.

thank you for your answers.

Report message to a moderator

Re: administrator account and security ! [message #60537 is a reply to message #60536]

Fri, 13 February 2004 01:43

Maaher
Messages: 7065
Registered: December 2001

Senior Member

Locally, at the server you can connect as sysdba with nomatter what credentials:

SQL> conn mhe/nomatterwhatpassworditypehere as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL>

I don't think users should connect locally at the database server.

MHE

Report message to a moderator

Re: administrator account and security ! [message #60545 is a reply to message #60536]

Fri, 13 February 2004 05:43

Thiru
Messages: 1089
Registered: May 2002

Senior Member

Only users who are a member of 'dba' [[ Unix]] group or 'ora_dba' [[ windows]] group will be able to connect to the database,without supplying a password or the correct password. Other users will need to supply the correct password inorder to be able to connect as sysdba(unless you have other security holes like remote_os_authent,remote_os_roles).

eg)

<fennel: fprd></psfn/fprd> id
uid=9061(fprd) gid=22(psfn)

-- here user fprd does not belong to 'dba' group

<fennel: fprd></psfn/fprd> sqlplus /nolog

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:39:12 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

SQL> connect ops$oracle/whatever as sysdba
ERROR:
ORA-01031: insufficient privileges

SQL> connect ops$oracle/[correct_pwd] as sysdba
Connected.
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.0.1.4.0 - Production
With the Partitioning option
JServer Release 9.0.1.4.0 - Production

<fennel: fprd></psfn/fprd> sqlplus "/ as sysdba"

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:46:46 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges

-- Connecting as user Oracle 

<fennel: fprd></psfn/fprd> su - oracle
Password: 
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
FPRD@fennel:/export/home/oracle>id
uid=9000(oracle) gid=25(dba)
FPRD@fennel:/export/home/oracle>sqlplus /nolog

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:40:00 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

SQL> connect ops$oracle/whatever as sysdba
Connected.

So you'll need to control access at OS also. Only dba users should be part of the dba group.

-Thiru

Report message to a moderator

Re: administrator account and security ! [message #60559 is a reply to message #60536]

Sun, 15 February 2004 23:55

christophe
Messages: 2
Registered: February 2004

Junior Member

thank you for your answers.
I made the modifications necessary to
check and it is exact. It uses the OS account to connect itself in sysdba in condition of being in dba account of the machine.
still thank you.

Report message to a moderator

Previous Topic:	SYS & SYSTEM password lost!
Next Topic:	Unable to connect using OS authentication

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Jan 08 20:42:55 CST 2025