Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: OPS$

From: Stephane Faroult <sfaroult_at_oriole.com>
Date: Thu, 31 Jan 2002 01:27:28 -0800
Message-ID: <F001.00401AD8.20020131002619@fatcity.com>

Rachel Carmichael wrote:
>
> yep... any account set up as "identified externally" should have its
> privileges scrutinized CAREFULLY and you should not grant any of the
> default roles, Connect, Resource and most especially NOT DBA.
>

Rachel,

   I assume that you mean 'when remote_os_authent is set to TRUE', in which case I fully agree with you. Otherwise, my position is:

a) Keep remote_os_authent to FALSE
b) Use an ops$oracle or similar account as DBA for maintenance tasks you regularly run through cron or similar - you will not have any hard-coded password anywhere
c) When people want to create database links to your database, create a SPECIFIC account for it, with minimal privileges

d) Educate your users
e) Educate your users
f) Educate your users

-- 
Regards,

Stephane Faroult
Oriole Ltd
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
Received on Thu Jan 31 2002 - 03:27:28 CST
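
The review discussed in this message can be run as a data dictionary audit. The queries below are an added example, not part of the original message or thread. They assume Oracle 11g or later (for the DBA_USERS.AUTHENTICATION_TYPE column) and a session that can read the DBA_ views and V$PARAMETER.

```sql
-- Added audit example; assumes Oracle 11g or later (DBA_USERS.AUTHENTICATION_TYPE)
-- and a session allowed to read the DBA_ views and V$PARAMETER.

-- 1. Point a): remote_os_authent should be FALSE. os_authent_prefix shows
--    which prefix (OPS$ by default) maps OS users to database accounts.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Every externally identified account with the roles granted to it.
--    CONNECT, RESOURCE and DBA are the grants the thread says to scrutinize.
--    With remote_os_authent = FALSE, a DBA grant on the local maintenance
--    account is the case point b) describes; any other hit needs a reason.
SELECT u.username,
       u.account_status,
       r.granted_role,
       r.admin_option,
       CASE WHEN r.granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
            THEN 'REVIEW' ELSE 'ok' END AS finding
FROM   dba_users u
LEFT JOIN dba_role_privs r ON r.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY u.username, r.granted_role;

-- 3. System privileges granted directly to those accounts, which a
--    role-only review would miss.
SELECT u.username, p.privilege, p.admin_option
FROM   dba_users u
JOIN   dba_sys_privs p ON p.grantee = u.username
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY u.username, p.privilege;
```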
