
Re: OPS$

From: Rachel Carmichael <wisernet100_at_yahoo.com>
Date: Thu, 31 Jan 2002 06:02:20 -0800
Message-ID: <F001.00401E6E.20020131053536@fatcity.com>

Stephane,

Yes, sorry, I didn't make that clear. Before setting remote_os_authent to true, you should carefully think about what you are trying to accomplish with it and be very sure that you are not opening up gaping holes in your security.

I also think that you should repeat steps d through f several more times :)

Rachel
--- Stephane Faroult <sfaroult_at_oriole.com> wrote:
> Rachel Carmichael wrote:
> >
> > yep... any account set up as "identified externally" should have its
> > privileges scrutinized CAREFULLY and you should not grant any of the
> > default roles, Connect, Resource and most especially NOT DBA.
> >
>
> Rachel,
>
> I assume that you mean 'when remote_os_authent is set to TRUE', in
> which case I fully agree with you. Otherwise, my position is:
> a) Keep remote_os_authent to FALSE
> b) Use an ops$oracle or similar account as DBA for maintenance tasks you
> regularly run through cron or similar - you will not have any hard-coded
> password anywhere
> c) When people want to create database links to your database, create a
> SPECIFIC account for it, with minimal privileges
> d) Educate your users
> e) Educate your users
> f) Educate your users
>
> --
> Regards,
>
> Stephane Faroult
> Oriole Ltd
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Stephane Faroult
> INET: sfaroult_at_oriole.com
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).



Received on Thu Jan 31 2002 - 08:02:20 CST
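
An audit sketch for the advice in this thread, added here as an example and not part of either poster's message: it reports the OS-authentication parameters and lists every role and system privilege held by "identified externally" accounts, flagging CONNECT, RESOURCE and DBA. It assumes a release where DBA_USERS has the AUTHENTICATION_TYPE column (11g and later) and a session allowed to read the DBA_* views and V$PARAMETER.

```sql
-- Added audit example; not from the original messages.

-- 1. Parameters that govern OS authentication. remote_os_authent should
--    read FALSE unless there is a deliberate, reviewed reason otherwise.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Every role held by an externally identified account, whether granted
--    directly (grant_depth = 1) or inherited through another role.
--    Assumption: AUTHENTICATION_TYPE exists (11g+). On older releases
--    filter DBA_USERS on PASSWORD = 'EXTERNAL' instead.
SELECT CONNECT_BY_ROOT rp.grantee AS username,
       rp.granted_role,
       LEVEL                      AS grant_depth,
       CASE
         WHEN rp.granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
         THEN 'REVIEW'
       END                        AS flag
FROM   dba_role_privs rp
START  WITH rp.grantee IN (SELECT username
                           FROM   dba_users
                           WHERE  authentication_type = 'EXTERNAL')
CONNECT BY NOCYCLE PRIOR rp.granted_role = rp.grantee
ORDER  BY username, grant_depth, rp.granted_role;

-- 3. System privileges granted directly to those accounts, which a
--    role-only review would miss.
SELECT sp.grantee, sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
       JOIN dba_users u ON u.username = sp.grantee
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY sp.grantee, sp.privilege;
```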
