Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: oracle authentication from windows

RE: oracle authentication from windows

From: Jacques Kilchoer <Jacques.Kilchoer_at_quest.com>
Date: Fri, 20 Jun 2003 12:23:07 -0700
Message-ID: <F001.005B6B34.20030620120528@fatcity.com> 





(my question follows)



> -----Original Message-----

> From: Seefelt, Beth [mailto:[EMAIL PROTECTED]

> 

> I disagree.  Remote OS authentication is not inherently insecure in

> Windows like it is in Unix.  If you prefix the account names with the

> domain name, a user would not only have to spoof the 

> username, he would

> have to spoof the domain name too.  At that point, you probably have

> bigger problems than access to your database.  Also, in that 

> situation,

> only the security token is going over the network, not your 

> password in

> clear text.  The caveat is that you should be using the 

> *domain name* as the prefix, not OPS$.





I don't understand how to accomplish this in practice. I currently sign on to the 
Windows Network for domain MYDOMAIN with userid JKILCHOE. By running the query 
suggested by Mr. Nanda I see that Oracle thinks my username is jkilchoe:
SQL> select sys_context ('userenv', 'os_user') from dual



SYS_CONTEXT('USERENV','OS_USER')





jkilchoe



If I set


os_authent_prefix = MYDOMAIN


and create an Oracle username MYDOMAINJKILCHOE



how does that stop someone else from creating a local user JKILCHOE on their machine, 
signing on to their local machine as JKILCHOE, and then using SQL*Net to connect to 
the database as MYDOMAINJKILCHOE ?


-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Jacques Kilchoer
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Jun 20 2003 - 14:23:07 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US