Re: Rumor Breaking
Daniel -
I'm pretty familiar with this gaping hole, but I don't believe for a second that there's anything that anyone can do to the listener.ora file to block access. Instead, a DBA should set REMOTE_OS_AUTHENT to FALSE in the init.ora file to turn off remote operating system authentication.
While I don't have any experience connecting to an Oracle database via the Mac or OS/2, I've demonstrated the lack of security when connecting from a Win95 or Win98 box. It's painfully easy to simply masquerade as another user and cause all sorts of havoc to someone else's Oracle account.
Connections from a WinNT or Win2000 box are just fine due to the logins that those operating systems require.
Is this what you had in mind?
Bye,
TG
Daniel Morgan wrote:
> I found the following text somewhere and saved it in the hope of
> figuring out something I didn't know.
>
> "Automatic logins by PC, Apple MacIntosh, and OS/2 users are not secure.
> Anyone can edit the Oracle configuration file and change their user ID.
> For security reasons, if users of these systems are logging in over the
> network, Oracle Corporation strongly recommends you disable the ops$
> logins in the listener.ora."
>
> Unfortunately, after diligent research, I can not find any reference to
> disabling externally authenticated accounts in listener.ora.
>
> Can someone please point me to a source document that explains the
> connection?
>
> Thanks.
>
> Daniel Morgan
--
Thomas Gaines
Professional Research Assistant / Senior DBA
CIRES, NGDC/NOAA
303.497.3798 (office)
303.912.1241 (cell)
thomas.gaines_at_noaa.gov

Received on Tue May 07 2002 - 18:07:36 CDT
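
An added example, not part of the original thread: a small Python audit of an init.ora file for the REMOTE_OS_AUTHENT setting discussed in the reply above. The sample file contents, the function names, and the rule that a later setting overrides an earlier one are assumptions made for illustration.

```python
import re

# Constructed sample init.ora for illustration (not from the original post).
SAMPLE_INIT_ORA = """\
# init.ora for a test instance (constructed sample)
db_name = ORCL
os_authent_prefix = "OPS$"
Remote_OS_Authent = TRUE   # trust the client's OS user name
"""

# name = value, with optional whitespace around both parts
_LINE = re.compile(r"^\s*([A-Za-z_][\w$]*)\s*=\s*(.*?)\s*$")

def parse_init_ora(text):
    """Return {lowercased name: value}; a later setting overrides an earlier one (assumed)."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # '#' starts a comment
        m = _LINE.match(line)
        if m:
            # Parameter names are case-insensitive; drop surrounding quotes.
            params[m.group(1).lower()] = m.group(2).strip("\"'")
    return params

def audit_remote_os_authent(text):
    """Return a list of findings about remote OS authentication."""
    params = parse_init_ora(text)
    findings = []
    # REMOTE_OS_AUTHENT defaults to FALSE when it is not set.
    if params.get("remote_os_authent", "FALSE").upper() == "TRUE":
        prefix = params.get("os_authent_prefix", "OPS$")  # default prefix is OPS$
        findings.append(
            "REMOTE_OS_AUTHENT=TRUE: network clients are trusted to report their "
            f"own OS user name, so every {prefix}<user> account can be claimed "
            "remotely; set REMOTE_OS_AUTHENT=FALSE"
        )
    return findings

if __name__ == "__main__":
    for finding in audit_remote_os_authent(SAMPLE_INIT_ORA):
        print(finding)
```
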