- Original Message -----
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Friday, June 20, 2003 9:44 AM
> This is an interesting one. I am currently going through (tortured)
another
> system audit. One of the many questions the auditors (I am being attacked
> from all sides) had about the Oracle configuration was "Can remote
> authenticated network users connect to the database?".
>
> If auditors know this is a weakness, maybe it would be a good idea to
avoid
> its use.
>
> btw I do use O/S authenticated userids but remote authentication has been
> disabled (deliberately). We are running Oracle on Unix so our batch jobs
use
> O/S authenticated ids.
>
>
> >From: "Gogala, Mladen" <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
> >Subject: RE: oracle authentication from windows
> >Date: Thu, 19 Jun 2003 12:19:59 -0800
> >
> >That, of course, will render your database totally insecure and open to
> >anybody
> >who can bring in a WinXP laptop, change the windoze username and log in
as
> >he pleases.
> >DBA that sets his production parameters the way Arup described deserves
to
> >be
> >publicly tortured by Bill O'Reilly in the "no spin zone".
> >
> >
> >Mladen Gogala
> >Oracle DBA
> >Phone:(203) 459-6855
> >Email:[EMAIL PROTECTED]
> >
> >-----Original Message-----
> >Sent: Thursday, June 19, 2003 3:46 PM
> >To: Multiple recipients of list ORACLE-L
> >
> >
> >Sure.
> >
> >Just declare these in your init.ora
> >
> >os_authent_prefix=OPS$
> >remote_os_authent=TRUE
> >
> >bounce the database, add a user called OPS$<the Windows username>, e.g.
> >OPS$AK if your Windows login id is AK as
> >
> >create user ops$ak identified externally
> >
> >From windows connect as "/@servicename", e.g. sqlplus /@service1
> >
> >If it doesn't work, the OS user may be different. Use this query while
> >connected to the database from Windows cleint.
> >
> >SQL> select sys_context('USERENV','OS_USER') from dual;
> >
> >See what OS username comes up; use that instead.
> >
> >HTH.
> >
> >Arup Nanda
> >www.proligence.com
> >
> >
> >
> >----- Original Message -----
> >To: Multiple <mailto:[EMAIL PROTECTED]> recipients of list ORACLE-L
> >Sent: Thursday, June 19, 2003 1:10 PM
> >
> >We want our client users ( forms user ) to just enter windows password
and
> >then automatically able to get in to oracle .Is there a way oracle can
> >authenticate from windows ( or active directory ) . enbadding password in
> >runform.exe not an option .
> >
> >thanks,
> >-ak
> >
>
> _________________________________________________________________
> Help STOP SPAM with the new MSN 8 and get 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: david davis
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Arup Nanda
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
Received on Fri Jun 20 2003 - 13:40:25 CDT
