Home » RDBMS Server » Security » administrator account and security !
administrator account and security ! [message #60536] Fri, 13 February 2004 01:32 Go to next message
christophe
Messages: 2
Registered: February 2004
Junior Member
hello with all,

a small question about the accounts created by the base,
following the creation of a base.

there are counts created by defect:
- scott/tiger
- system
- sys
- and another

I modified the accounts sys and system at the time of creation bases.
However I can always connect myself under sql+ with "connect titi/titi
have sysdba" or "connect/have sysdba".

How to block this possibility, because no matter who can connect
himself to the base. Thus, with "connect titi/titi have sysdba", I can
lock the account of "scott". I do not manage to find infos.

server and client are on the same pc.

thank you for your answers.
Re: administrator account and security ! [message #60537 is a reply to message #60536] Fri, 13 February 2004 01:43 Go to previous messageGo to next message
Maaher
Messages: 7065
Registered: December 2001
Senior Member
Locally, at the server you can connect as sysdba with nomatter what credentials:
SQL> conn mhe/nomatterwhatpassworditypehere as sysdba
Connected.
SQL> show user
USER is "SYS"
SQL> 
I don't think users should connect locally at the database server.

MHE
Re: administrator account and security ! [message #60545 is a reply to message #60536] Fri, 13 February 2004 05:43 Go to previous messageGo to next message
Thiru
Messages: 1089
Registered: May 2002
Senior Member
Only users who are a member of 'dba' [[ Unix]] group or 'ora_dba' [[ windows]] group will be able to connect to the database,without supplying a password or the correct password. Other users will need to supply the correct password inorder to be able to connect as sysdba(unless you have other security holes like remote_os_authent,remote_os_roles).

eg)
<fennel: fprd></psfn/fprd> id
uid=9061(fprd) gid=22(psfn)

-- here user fprd does not belong to 'dba' group

<fennel: fprd></psfn/fprd> sqlplus /nolog

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:39:12 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

SQL> connect ops$oracle/whatever as sysdba
ERROR:
ORA-01031: insufficient privileges

SQL> connect ops$oracle/[correct_pwd] as sysdba
Connected.
SQL> exit
Disconnected from Oracle9i Enterprise Edition Release 9.0.1.4.0 - Production
With the Partitioning option
JServer Release 9.0.1.4.0 - Production

<fennel: fprd></psfn/fprd> sqlplus "/ as sysdba"

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:46:46 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges

-- Connecting as user Oracle 

<fennel: fprd></psfn/fprd> su - oracle
Password: 
Sun Microsystems Inc.   SunOS 5.8       Generic Patch   October 2001
FPRD@fennel:/export/home/oracle>id
uid=9000(oracle) gid=25(dba)
FPRD@fennel:/export/home/oracle>sqlplus /nolog

SQL*Plus: Release 9.0.1.4.0 - Production on Fri Feb 13 10:40:00 2004

(c) Copyright 2001 Oracle Corporation.  All rights reserved.

SQL> connect ops$oracle/whatever as sysdba
Connected.



So you'll need to control access at OS also. Only dba users should be part of the dba group.

-Thiru
Re: administrator account and security ! [message #60559 is a reply to message #60536] Sun, 15 February 2004 23:55 Go to previous message
christophe
Messages: 2
Registered: February 2004
Junior Member
thank you for your answers.
I made the modifications necessary to
check and it is exact. It uses the OS account to connect itself in sysdba in condition of being in dba account of the machine.
still thank you.
Previous Topic: SYS & SYSTEM password lost!
Next Topic: Unable to connect using OS authentication
Goto Forum:
  


Current Time: Thu Mar 28 10:48:01 CDT 2024