
Re: sqlnet.ora file security

From: Brian Peasland <dba_at_nospam.peasland.net>
Date: Fri, 17 Aug 2007 10:08:01 -0500
Message-ID: <46c5adc5$0$16351$88260bb3@free.teranews.com>


adrian_ang wrote:
> Hi all,
>
> I have a question about sqlnet.ora file security on a host running
> Linux. As far as I know the only way without additional
> options (Database Vault) to forbid connect as sysdba without password
> on the database host is to add an entry in
> $ORACLE_HOME/network/admin/sqlnet.ora. This works ok, but how to secure
> this file? If I'm able to secure this file, for example with the
> immutable file attribute, it's meaningless, because everyone who can
> log on can set TNS_ADMIN environment variable to point to somewhere
> else and create there a new sqlnet.ora file without the entry. Why did
> Oracle make such a feature when it doesn't help at all?
> Is Database Vault the only option to forbid this access? Have you
> faced this problem, how did you resolve it?
>
> Thank You!
> Adrian Angelov
>

You can use *nix file permissions to make this file readable by only the oracle user. Others won't be able to use this file. If users are on the same server, they can use their own sqlnet.ora config file which can be configured differently. Users do not have to use what is in $O_H/network/admin if you don't want them to.

As for users connecting as SYSDBA without the password... don't put those users in the 'dba' group.

HTH,
Brian

-- 
===================================================================

Brian Peasland
dba_at_nospam.peasland.net
http://www.peasland.net

Remove the "nospam." from the email address to email me.


"I can give it to you cheap, quick, and good.
Now pick two out of the three" - Unknown

-- 
Posted via a free Usenet account from http://www.teranews.com
Received on Fri Aug 17 2007 - 10:08:01 CDT
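
An audit sketch for the two controls named in the reply above ('dba' group membership and owner-only permissions on sqlnet.ora), added here as an example and not part of the original posts. The helper names `group_members` and `loose_mode` are hypothetical, and the sample group and passwd entries are constructed; the membership check also counts accounts whose primary GID is the group, which a look at the group file alone misses.

```shell
#!/bin/sh
# Added example. group_members and loose_mode are hypothetical helper names.

# group_members GROUP [GROUP_FILE] [PASSWD_FILE]
# Prints every account in GROUP: supplementary members from the group file
# plus accounts whose primary GID (passwd field 4) is that group's GID.
group_members() {
    grp=$1; gfile=${2:-/etc/group}; pfile=${3:-/etc/passwd}
    awk -F: -v g="$grp" '
        FILENAME == ARGV[1] {               # group file
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 } # passwd file
    ' "$gfile" "$pfile" | sort -u
}

# loose_mode FILE
# Exit 0 if group or other holds any permission bit on FILE, 1 if the file
# is owner-only, 2 if it does not exist.
loose_mode() {
    [ -e "$1" ] || return 2
    perms=$(ls -ld -- "$1" | cut -c5-10)    # group and other triplets
    [ "$perms" != "------" ]
}

# Constructed sample data, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' 'oinstall:x:54321:' 'dba:x:54322:oracle,alice' > "$tmp/group"
printf '%s\n' 'oracle:x:54321:54321::/home/oracle:/bin/bash' \
    'alice:x:1001:1001::/home/alice:/bin/bash' \
    'batch:x:1002:54322::/home/batch:/bin/bash' > "$tmp/passwd"
group_members dba "$tmp/group" "$tmp/passwd"   # prints alice, batch, oracle
: > "$tmp/sqlnet.ora"; chmod 644 "$tmp/sqlnet.ora"
loose_mode "$tmp/sqlnet.ora" && echo "sqlnet.ora is accessible beyond its owner"
rm -rf "$tmp"
```

Called with only a group name, `group_members dba` reads the live /etc/group and /etc/passwd.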
