ORAPWD and ORADIM [message #74005] |
Fri, 20 August 2004 22:48 |
Ayham Wafai
Messages: 5 Registered: August 2004
|
Junior Member |
|
|
Folks, A user with network privileges can from the command line delete the password file and create a new one with a new INTERNAL password and access the database. The same can happen with ORADIM; one can delete the instance, create a new one with a new password, and modify great deal of the database or destroy it for that matter. Is there a practical suggestions or experimented way of preventing that. Thank you.
|
|
|
Re: ORAPWD and ORADIM [message #74053 is a reply to message #74005] |
Tue, 31 August 2004 12:38 |
croK
Messages: 170 Registered: April 2002
|
Senior Member |
|
|
On unix systems you can denied access to directory ORACLE_HOME, so noboby can delete the password file. Besides, does not exist oradim on unix.
I believe that on windows systems you can also denied access to diretory oracle_home, so nobody can delete the password file, and, in order to denied execution on ORADIM command, i assume you must revoke ORA_DBA group form users you don want to execute oracle binaries.
Hope it help.
|
|
|