Re: OPS$

From: Rachel Carmichael <wisernet100_at_yahoo.com>
Date: Thu, 31 Jan 2002 06:00:19 -0800
Message-ID: <F001.00401DB8.20020131052026@fatcity.com>

I understood that but the point is, unless the account has both DBA privileges AND is identified externally, the problem doesn't exist as such

• Jared Still <jkstill_at_cybcon.com> wrote:
  >
  > The SYSTEM account was just an example, it could be any
  > account with DBA privileges.
  >
  > With current versions of Oracle I haven't found any 'backdoors'
  > such as the one that existed in Oracle 7.x, though I may keep
  > looking.
  >
  > Jared
  >
  > On Wednesday 30 January 2002 18:05, Rachel Carmichael wrote:
  > > okay if the prefix string is set to an empty string, then the "OS
  > > username" is the same name as that used to sign in to the client.
  > So
  > > if you have an empty prefix, and someone logs onto their PC as
  > "SYSTEM"
  > > then if they do sqlplus, they should be able to get into the system
  > > account.
  > >
  > > Except... system isn't set as "identified externally" they'd have
  > to
  > > enter the password right? Jared??????
  > >
  > > but any Oracle account you create as "identified externally"
  > (meaning
  > > the OS does the password validation, Oracle presumes the security
  > is
  > > there) can log onto the database by setting the client login to
  > that
  > > name
  > >
  > > --- "Smith, Ron L." <rlsmith_at_kmg.com> wrote:
  > > > Can you explain that? You have me scared now.
  > > >
  > > > -----Original Message-----
  > > > Sent: Wednesday, January 30, 2002 4:00 PM
  > > > To: Multiple recipients of list ORACLE-L
  > > >
  > > >
  > > > They can also set their username to 'SYSTEM'.
  > > >
  > > > Jared
  > > >
  > > >
  > > >
  > > >
  > > >
  > > > Rachel Carmichael <wisernet100_at_yahoo.com>
  > > > Sent by: root_at_fatcity.com
  > > > 01/30/02 11:25 AM
  > > > Please respond to ORACLE-L
  > > >
  > > >
  > > > To: Multiple recipients of list ORACLE-L
  > > > <ORACLE-L_at_fatcity.com>
  > > > cc:
  > > > Subject: Re: OPS$
  > > >
  > > >
  > > > anyone can name their pc "oracle" and then connect in if you set
  > > > "remote_os_authent"
  > > >
  > > > --- "Smith, Ron L." <rlsmith_at_kmg.com> wrote:
  > > > > Does anyone have any information on security problems using the
  > > >
  > > > OPS$
  > > >
  > > > > account?
  > > > >
  > > > > Ron
  > > > > --
  > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > > > > --
  > > > > Author: Smith, Ron L.
  > > > > INET: rlsmith_at_kmg.com
  > > > >
  > > > > Fat City Network Services -- (858) 538-5051 FAX: (858)
  > 538-5051
  > > > > San Diego, California -- Public Internet access /
  > Mailing
  > > > > Lists
  > > >
  > > >
  > --------------------------------------------------------------------
  > > >
  > > > > To REMOVE yourself from this mailing list, send an E-Mail
  > message
  > > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru')
  > and in
  > > > > the message BODY, include a line containing: UNSUB ORACLE-L
  > > > > (or the name of mailing list you want to be removed from). You
  > may
  > > > > also send the HELP command for other information (like
  > > >
  > > > subscribing).
  > > >
  > > >
  > > > __________________________________________________
  > > > Do You Yahoo!?
  > > > Great stuff seeking new owners in Yahoo! Auctions!
  > > > http://auctions.yahoo.com
  > > > --
  > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > > > --
  > > > Author: Rachel Carmichael
  > > > INET: wisernet100_at_yahoo.com
  > > >
  > > > Fat City Network Services -- (858) 538-5051 FAX: (858)
  > 538-5051
  > > > San Diego, California -- Public Internet access / Mailing
  > > > Lists
  > > >
  > --------------------------------------------------------------------
  > > > To REMOVE yourself from this mailing list, send an E-Mail message
  > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and
  > in
  > > > the message BODY, include a line containing: UNSUB ORACLE-L
  > > > (or the name of mailing list you want to be removed from). You
  > may
  > > > also send the HELP command for other information (like
  > subscribing).
  > > >
  > > >
  > > >
  > > > --
  > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > > > --
  > > > Author:
  > > > INET: Jared.Still_at_radisys.com
  > > >
  > > > Fat City Network Services -- (858) 538-5051 FAX: (858)
  > 538-5051
  > > > San Diego, California -- Public Internet access / Mailing
  > > > Lists
  > > >
  > --------------------------------------------------------------------
  > > > To REMOVE yourself from this mailing list, send an E-Mail message
  > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and
  > in
  > > > the message BODY, include a line containing: UNSUB ORACLE-L
  > > > (or the name of mailing list you want to be removed from). You
  > may
  > > > also send the HELP command for other information (like
  > subscribing).
  > > > --
  > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > > > --
  > > > Author: Smith, Ron L.
  > > > INET: rlsmith_at_kmg.com
  > > >
  > > > Fat City Network Services -- (858) 538-5051 FAX: (858)
  > 538-5051
  > > > San Diego, California -- Public Internet access / Mailing
  > > > Lists
  > > >
  > --------------------------------------------------------------------
  > > > To REMOVE yourself from this mailing list, send an E-Mail message
  > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and
  > in
  > > > the message BODY, include a line containing: UNSUB ORACLE-L
  > > > (or the name of mailing list you want to be removed from). You
  > may
  > > > also send the HELP command for other information (like
  > subscribing).
  > >
  > > __________________________________________________
  > > Do You Yahoo!?
  > > Great stuff seeking new owners in Yahoo! Auctions!
  > > http://auctions.yahoo.com
  > --
  > Please see the official ORACLE-L FAQ: http://www.orafaq.com
  > --
  > Author: Jared Still
  > INET: jkstill_at_cybcon.com
  >
  > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
  > San Diego, California -- Public Internet access / Mailing
  > Lists
  > --------------------------------------------------------------------
  > To REMOVE yourself from this mailing list, send an E-Mail message
  > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
  > the message BODY, include a line containing: UNSUB ORACLE-L
  > (or the name of mailing list you want to be removed from). You may
  > also send the HELP command for other information (like subscribing).
  

  ---

Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: wisernet100_at_yahoo.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Received on Thu Jan 31 2002 - 08:00:19 CST