| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: OPS$
Bambi,
Do you ( or anyone else for that matter ) have an example of how to setup remote_os_authent so that it is insecure?
With Sqlnet v1 and early v2 I think, all you had to do was set the value of USER_ID in oracle.ini.
e.g. USER_ID = jkstill
where 'jkstill' is identified externally.
I have been able to setup an account on a remote database that allows me to login via ' sqlplus "/@ifsdev" ', but only into an account that matches my NT client login name.
If you know how to do this so that another account such as SYSTEM could be logged into via a backdoor as in days of yore, I'd sure like to see it. If for no other reason than just to make sure I never set up a database/client to work that way. :)
Jared
"Bellows, Bambi" <BBellows_at_usg.com>
Sent by: root_at_fatcity.com
01/30/02 02:55 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: RE: OPS$
Well, yes, the can set their name to SYSTEM, SYS, SCOTT, whatever, and so
long as your authentication demands an OPS$ or basically any other non
null
string of characters, who cares? OPS$SYSTEM is not going to wind up being
a
DBA... now, if OPS$STILL is a DBA, and someone sets their PC to STILL,
then
you've got a problem.
The long and short of it is that the OPS security is only as good as the
box
it is serving. If you're on any computer with C level security or higher,
there is nothing wrong with using OPS$ as you are using operating system
level security. So, if, for example, you are using VMS, MVS, CDC, Cray,
or
anything us old folks might have used 10 years ago, OPS$ is terrific. If
your operating system is making Bill Gates richer, you have no security to
speak of.
The question you want to ask yourself is how good is your front-end security?
-----Original Message-----
Sent: Wednesday, January 30, 2002 4:26 PM
To: Multiple recipients of list ORACLE-L
Can you explain that? You have me scared now.
-----Original Message-----
Sent: Wednesday, January 30, 2002 4:00 PM
To: Multiple recipients of list ORACLE-L
They can also set their username to 'SYSTEM'.
Jared
Rachel Carmichael <wisernet100_at_yahoo.com>
Sent by: root_at_fatcity.com
01/30/02 11:25 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
cc:
Subject: Re: OPS$
anyone can name their pc "oracle" and then connect in if you set "remote_os_authent"
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: wisernet100_at_yahoo.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Smith, Ron L. INET: rlsmith_at_kmg.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Bellows, Bambi INET: BBellows_at_usg.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: Jared.Still_at_radisys.com Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Wed Jan 30 2002 - 17:28:23 CST
 |
 |