RE: Create user identified by externally

From: Lau, John <john.lau_at_csfb.com>
Date: Fri, 21 Sep 2001 00:40:08 -0700
Message-ID: <F001.0039464B.20010921003518@fatcity.com>

I believe externally identified logins together with remote_os_authent give rise to a security loophole. Anyone with Oracle installed on their PC could in theory create a user ops$oracle and then login to your database[s] with full DBA privs. We use OS authentication but not remote OS authentication for this reason.

-----Original Message-----
Sent: 20 September 2001 19:50
To: Multiple recipients of list ORACLE-L

There is an init.oram parameter, REMOTE_OS_AUTHENT. which controls this. Its default value is false. Setting it to true is begging for trouble.

BTW, It's "identified externally" not "identified by externally"

Ian MacGregor
Stanford Linear Acccelerator Center
ian_at_slac.stanford.edu

-----Original Message-----
Sent: Thursday, September 20, 2001 10:05 AM To: Multiple recipients of list ORACLE-L

Hi,

If there is user created using identified by externally, could this user login to database remotely? If it could, could you please help us?

Thanks,

Jun
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Feng, Jun
INET: jfeng_at_verisign.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: MacGregor, Ian A.
INET: ian_at_SLAC.Stanford.EDU

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted.
Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation.

--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Lau, John
INET: john.lau_at_csfb.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------