RE: OPS$

From: Rachel Carmichael <wisernet100_at_yahoo.com>
Date: Wed, 30 Jan 2002 19:28:42 -0800
Message-ID: <F001.004016E3.20020130180531@fatcity.com>

yep... any account set up as "identified externally" should have its privileges scrutinized CAREFULLY and you should not grant any of the default roles, Connect, Resource and most especially NOT DBA.

• "Deshpande, Kirti" <kirti.deshpande_at_verizon.com> wrote:
  > We use REMOTE_OS_AUTHENT in many of our databases. I know we
  > shouldn't do
  > this, but we have to, and that's another topic...
  >
  > We also use a specific auth prefix.
  >
  > Now, can someone show me how a Windoze user, 'GOD' get in the
  > database when
  > I do not have a user, '<Auth_Prefix>GOD' in my database.
  >
  > I say, I have nothing to worry about this setup as long as 'GOD' user
  > in my
  > database is controlled appropriately via roles, grants, profile
  > etc....
  >
  > Sure, if I had <auth_prefix>GOD in the database, I will be looking
  > for
  > another job....
  > Right?
  >
  > - Kirti
  >
  > -----Original Message-----
  > Sent: Wednesday, January 30, 2002 4:45 PM
  > To: Multiple recipients of list ORACLE-L
  >
  >
  > "Smith, Ron L." wrote:
  > >
  > > Can you explain that? You have me scared now.
  > >
  >
  > Ron,
  >
  > Do not forget the postulate 'if you set remote_os_authent to
  > TRUE'.
  > This is not the default (although it has not always been, but it
  > dates
  > back to SQL*Net V1)
  >
  > > -----Original Message-----
  > > Sent: Wednesday, January 30, 2002 4:00 PM
  > > To: Multiple recipients of list ORACLE-L
  > >
  > > They can also set their username to 'SYSTEM'.
  > >
  > > Jared
  > >
  > > Rachel Carmichael <wisernet100_at_yahoo.com>
  > > Sent by: root_at_fatcity.com
  > > 01/30/02 11:25 AM
  > > Please respond to ORACLE-L
  > >
  > >
  > > To: Multiple recipients of list ORACLE-L
  > <ORACLE-L_at_fatcity.com>
  > > cc:
  > > Subject: Re: OPS$
  > >
  > > anyone can name their pc "oracle" and then connect in if you set
  > > "remote_os_authent"
  >
  > --
  > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > --
  > Author: Deshpande, Kirti
  > INET: kirti.deshpande_at_verizon.com
  >
  > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
  > San Diego, California -- Public Internet access / Mailing
  > Lists
  > --------------------------------------------------------------------
  > To REMOVE yourself from this mailing list, send an E-Mail message
  > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
  > the message BODY, include a line containing: UNSUB ORACLE-L
  > (or the name of mailing list you want to be removed from). You may
  > also send the HELP command for other information (like subscribing).
  

  ---

Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: wisernet100_at_yahoo.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Received on Wed Jan 30 2002 - 21:28:42 CST