Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Oracle security question

RE: Oracle security question

From: Jacques Kilchoer <Jacques.Kilchoer_at_quest.com>
Date: Fri, 11 Jul 2003 15:14:24 -0800
Message-ID: <F001.005C467A.20030711151424@fatcity.com> 





In addition to what Dennis said:


if Orace init parameter O7_DICTIONARY_ACCESSIBILITY = FALSE (the default in 9.0 and 9.2)
then to connect as user SYS you need to specify the connect string like this:
connect SYS/password AS SYSDBA



The reason the user SYS is more protected than the user SYSTEM is because:
a) the user SYS is the owner of the data dictionary - the set of tables that are used by Oracle to store internal information about the objects in the database;
b) the user SYS is the one you use for tasks such as starting up or shutting down the database.



SYSTEM is s DBA user created along with the database.



In general, you should do the following:
only sign on as SYS to startup and shutdown the database, or for recovery.
create another DBA user and sign on as that other user for any DBA tasks.
I hardly ever use the SYSTEM account except for creation of some Oracle-related objects (like a public PLAN_TABLE or the PRODUCT_USER_PROFILE table.)



> -----Original Message-----

> From: Don Yu [mailto:donyu_at_jhu.edu]

> Sent: vendredi, 11. juillet 2003 13:49

> To: Multiple recipients of list ORACLE-L

> Subject: Re: Oracle security question

> 

> 

> Dennis:

> 

> Thanks for your message. Now I have changed sys password by 

> the following

> command:

> alter user sys identified by xxxxxxx

> But when I try to login from sql plus window by using sys, I 

> cannot successfully

> login. Also I get an error message. The message is something 

> like "connection to

> sys should be as sysdba or sysoper". So my question is what sys for?

> Thank you very much!


-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Jacques Kilchoer
  INET: Jacques.Kilchoer_at_quest.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Fri Jul 11 2003 - 18:14:24 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US