RE: How to keep "root" out?

From: Orr, Steve <sorr_at_rightnow.com>
Date: Thu, 28 Aug 2003 13:09:26 -0800
Message-ID: <F001.005CDCA6.20030828130926@fatcity.com>

Yeah but at least it raises the bar significantly.

	-----Original Message-----
	From: Jared.Still_at_radisys.com [mailto:Jared.Still_at_radisys.com] 
	Sent: Thursday, August 28, 2003 2:50 PM
	To: Multiple recipients of list ORACLE-L
	Subject: Re: How to keep "root" out?
	Importance: High
	
	

	But someone determined to get in the database can simply edit

sqlnet.ora                                    

        "Tanel Poder" <tanel.poder.003_at_mail.ee> Sent by: ml-errors_at_fatcity.com

 08/28/2003 10:24 AM
 Please respond to ORACLE-L

        
        To:        Multiple recipients of list ORACLE-L


<ORACLE-L_at_fatcity.com> 

        cc:         
        Subject:        Re: How to keep "root" out?



	Hi! 
	  
	Put sqlnet.authentication_services = none in your server's

sqlnet.ora. Then everyone has to use a password.           

        Tanel.           

• Original Message ----- From: Walter K <mailto:ora1034_at_sbcglobal.net> To: Multiple recipients of list ORACLE-L
  <mailto:ORACLE-L_at_fatcity.com>
  Sent: Thursday, August 28, 2003 6:34 PM Subject: How to keep "root" out?

        Just for grins, I'll ask this question... Is there any way to keep the Unix "root" user from logging into the database (i.e. connect internal or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.           

        We have a couple people in our Unix admin group that feel the need to "help" by writing their own DB monitoring scripts. Of course, they don't know what they're talking about. They do not have formal logins for the database, but since they are root users they are connecting via "connect internal". This is not only counterproductive but actually a potential security issue--just because someone has root doesn't necessarily entitle them to see the data in the database. What if it is a payroll database?           

        So, I'm curious, is there any way to prevent access via "connect internal" or "/ as sysdba"?           

        Thanks in advance.           

        W                  

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Orr, Steve
  INET: sorr_at_rightnow.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

Received on Thu Aug 28 2003 - 16:09:26 CDT