RE: Oracle security question

Don

    SYS is the owner of the Oracle dictionary tables. It is a username with DBA privilege, so someone who logs in can change data. If you have changed its password, then you are assured that nobody is using that username right now. If you've changed its password, then I wouldn't worry about it right now.

    Since it sounds as if you are the only person that accesses this database, then you may want to change the username that owns your tables. Hopefully this username is not SYSTEM or SYS.

    After that, unless you know of other usernames someone might use to access your Oracle database, don't make any more security changes for awhile. Go back to trying to figure out why your data is changing without your changing it. It may well be there is an innocent reason that has nothing to do with someone else. I've had that happen to me when I've started using an unfamiliar system.

    And don't forget to buy a good Oracle DBA book like the one I suggested.

Dennis Williams
DBA, 80%OCP, 100% DBA
Lifetouch, Inc.
dwilliams_at_lifetouch.com  

-----Original Message-----
Sent: Friday, July 11, 2003 3:49 PM
To: Multiple recipients of list ORACLE-L

Dennis:

Thanks for your message. Now I have changed sys password by the following command:
alter user sys identified by xxxxxxx
But when I try to login from sql plus window by using sys, I cannot successfully
login. Also I get an error message. The message is something like "connection to
sys should be as sysdba or sysoper". So my question is what sys for? Thank you very much!

Don

DENNIS WILLIAMS wrote:

> Don
> If only you can make updates to your Oracle database, then you must
enter
> all the data ;-)
> From the tone of your posting, I'm going to assume that you are pretty
> new to Oracle. You may want to get a good basic administration book like
> Oracle9i DBA 101.
>

http://www.amazon.com/exec/obidos/tg/detail/-/0072224746/qid=1057949734/sr=8
> -1/ref=sr_8_1/104-2287688-5574335?v=glance&s=books&n=507846
> It is also a good idea to always mention your Oracle version and platform
> (Unix, NT, etc.) in your posts.
> First, log in with the SYSTEM username. Then change the password for
SYSTEM
> and SYS with the command:
> ALTER USER SYSTEM IDENTIFIED BY xxxxx;
> Where xxxxx is your new password.
> You should be able to make these changes without affecting any end users.
> Next you should identify your groups of users and how they access Oracle.
> Basically you need to identify what their access requirements are and then
> audit the usernames they use to ensure the privileges granted are just
what
> is required. This is also a good time to see about changing passwords, but
> first buy the book and read up on the basics of Oracle security.
>
> Dennis Williams
> DBA, 80%OCP, 100% DBA
> Lifetouch, Inc.
> dwilliams_at_lifetouch.com
>
> -----Original Message-----
> Sent: Friday, July 11, 2003 2:45 PM
> To: Multiple recipients of list ORACLE-L
>
> Hi,
>
> I have a security question about Oracle database. Recently I have taken
> full control an Oracle database in my department. Now I would like to
> make sure that no other people except myself can update data in that
> database. Can somebody tell me what it is necessary steps to do that?
> Any comments are highly appreciated. Thanks!
>
> Don
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Don Yu
> INET: donyu_at_jhu.edu
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: DENNIS WILLIAMS
> INET: DWILLIAMS_at_LIFETOUCH.COM
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Don Yu
  INET: donyu_at_jhu.edu

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: DENNIS WILLIAMS
  INET: DWILLIAMS_at_LIFETOUCH.COM

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).