| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle security question
select * from all_users;
to get all users, then change their oracle passwords so that no body can log in except you. This way you know you are the only one who can change the data. Next step is see what application can make the data change.
Hope this helps.
Guang
On Fri, 11 Jul 2003, Don Yu wrote:
> Dennis
>
> Thank you very much. My data in that database is changed three times. The first
> is whole data being delete. The second is over ten thousands records being
> added. The third is whole data related to a month being deleted. I know my
> working environment is very complicated. For this report application, I write
> shell scripts and C/C++ program to parsing Apache web server access log file
> (www.welch.jhu.edu) in order to get client ip, access date, and host ip, which
> are associated with the special pattern as "ntlinktrack.cgi", which is
> associated with Library E-Book,E-Journal, and E-database. Then I need to
> schedule a solaris cron job to process access log daily and load parsed data
> into database. Also I create some log files for saving intermediate information
> from my program. Then I create some ColdFusion pages to post these results into
> website. In my database there are over million records. Oracle DBA is new duty
> for me since I had found that my data was missing. This is the reason I post my
> question on Oracle user group. Now I am trying to read as much as I can but I do
> not have much time. I want to make sure my database is secure as early as I can.
> So what do you think of my reason?
> Thank you very much!
>
>
> Don
>
>
> DENNIS WILLIAMS wrote:
>
> > Don
> > SYS is the owner of the Oracle dictionary tables. It is a username with
> > DBA privilege, so someone who logs in can change data. If you have changed
> > its password, then you are assured that nobody is using that username right
> > now. If you've changed its password, then I wouldn't worry about it right
> > now.
> > Since it sounds as if you are the only person that accesses this
> > database, then you may want to change the username that owns your tables.
> > Hopefully this username is not SYSTEM or SYS.
> > After that, unless you know of other usernames someone might use to
> > access your Oracle database, don't make any more security changes for
> > awhile. Go back to trying to figure out why your data is changing without
> > your changing it. It may well be there is an innocent reason that has
> > nothing to do with someone else. I've had that happen to me when I've
> > started using an unfamiliar system.
> > And don't forget to buy a good Oracle DBA book like the one I suggested.
> >
> > Dennis Williams
> > DBA, 80%OCP, 100% DBA
> > Lifetouch, Inc.
> > dwilliams_at_lifetouch.com
> >
> >
> >
> > -----Original Message-----
> > Sent: Friday, July 11, 2003 3:49 PM
> > To: Multiple recipients of list ORACLE-L
> >
> > Dennis:
> >
> > Thanks for your message. Now I have changed sys password by the following
> > command:
> > alter user sys identified by xxxxxxx
> > But when I try to login from sql plus window by using sys, I cannot
> > successfully
> > login. Also I get an error message. The message is something like
> > "connection to
> > sys should be as sysdba or sysoper". So my question is what sys for?
> > Thank you very much!
> >
> > Don
> >
> > DENNIS WILLIAMS wrote:
> >
> > > Don
> > > If only you can make updates to your Oracle database, then you must
> > enter
> > > all the data ;-)
> > > From the tone of your posting, I'm going to assume that you are pretty
> > > new to Oracle. You may want to get a good basic administration book like
> > > Oracle9i DBA 101.
> > >
> > http://www.amazon.com/exec/obidos/tg/detail/-/0072224746/qid=1057949734/sr=8
> > > -1/ref=sr_8_1/104-2287688-5574335?v=glance&s=books&n=507846
> > > It is also a good idea to always mention your Oracle version and platform
> > > (Unix, NT, etc.) in your posts.
> > > First, log in with the SYSTEM username. Then change the password for
> > SYSTEM
> > > and SYS with the command:
> > > ALTER USER SYSTEM IDENTIFIED BY xxxxx;
> > > Where xxxxx is your new password.
> > > You should be able to make these changes without affecting any end users.
> > > Next you should identify your groups of users and how they access Oracle.
> > > Basically you need to identify what their access requirements are and then
> > > audit the usernames they use to ensure the privileges granted are just
> > what
> > > is required. This is also a good time to see about changing passwords, but
> > > first buy the book and read up on the basics of Oracle security.
> > >
> > > Dennis Williams
> > > DBA, 80%OCP, 100% DBA
> > > Lifetouch, Inc.
> > > dwilliams_at_lifetouch.com
> > >
> > > -----Original Message-----
> > > Sent: Friday, July 11, 2003 2:45 PM
> > > To: Multiple recipients of list ORACLE-L
> > >
> > > Hi,
> > >
> > > I have a security question about Oracle database. Recently I have taken
> > > full control an Oracle database in my department. Now I would like to
> > > make sure that no other people except myself can update data in that
> > > database. Can somebody tell me what it is necessary steps to do that?
> > > Any comments are highly appreciated. Thanks!
> > >
> > > Don
> > >
> > > --
> > > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > > --
> > > Author: Don Yu
> > > INET: donyu_at_jhu.edu
> > >
> > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > San Diego, California -- Mailing list and web hosting services
> > > ---------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > (or the name of mailing list you want to be removed from). You may
> > > also send the HELP command for other information (like subscribing).
> > > --
> > > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > > --
> > > Author: DENNIS WILLIAMS
> > > INET: DWILLIAMS_at_LIFETOUCH.COM
> > >
> > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > San Diego, California -- Mailing list and web hosting services
> > > ---------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > (or the name of mailing list you want to be removed from). You may
> > > also send the HELP command for other information (like subscribing).
> >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: Don Yu
> > INET: donyu_at_jhu.edu
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: DENNIS WILLIAMS
> > INET: DWILLIAMS_at_LIFETOUCH.COM
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Don Yu
> INET: donyu_at_jhu.edu
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Guang Mei INET: gmei_at_incyte.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Fri Jul 11 2003 - 20:49:24 CDT
 |
 |