Re: Oracle security question

From: Don Yu <donyu_at_jhu.edu>
Date: Mon, 14 Jul 2003 15:52:50 -0400
Message-Id: <25920.337689@fatcity.com>


Dear Guang Mei:

Thanks for your message. Your suggestion is very helpful. After reviewing all possible users, I have locked them. Now I have only one concern: if nobody knows my database's sys and system passwords, there should be no way to unlock these accounts. Am I completely right?
Thanks! Any comments are appreciated!

Don

Guang Mei wrote:

> select * from all_users;
>
> to get all users, then change their oracle passwords so that nobody can
> log in except you. This way you know you are the only one who can change
> the data. Next step is to see what application can make the data change.
>
> Hope this helps.
>
> Guang
>
> On Fri, 11 Jul 2003, Don Yu wrote:
>
> > Dennis
> >
> > Thank you very much. My data in that database has been changed three times. The first
> > is the whole data being deleted. The second is over ten thousand records being
> > added. The third is the whole data related to a month being deleted. I know my
> > working environment is very complicated. For this report application, I write
> > shell scripts and a C/C++ program to parse the Apache web server access log file
> > (www.welch.jhu.edu) in order to get client ip, access date, and host ip, which
> > are associated with the special pattern "ntlinktrack.cgi", which is
> > associated with Library E-Book, E-Journal, and E-database. Then I need to
> > schedule a Solaris cron job to process the access log daily and load the parsed data
> > into the database. Also I create some log files for saving intermediate information
> > from my program. Then I create some ColdFusion pages to post these results to the
> > website. In my database there are over a million records. Oracle DBA is a new duty
> > for me since I found that my data was missing. This is the reason I posted my
> > question on the Oracle user group. Now I am trying to read as much as I can but I do
> > not have much time. I want to make sure my database is secure as early as I can.
> > So what do you think of my reason?
> > Thank you very much!
> >
> >
> > Don
> >
> >
> > DENNIS WILLIAMS wrote:
> >
> > > Don
> > > SYS is the owner of the Oracle dictionary tables. It is a username with
> > > DBA privilege, so someone who logs in can change data. If you have changed
> > > its password, then you are assured that nobody is using that username right
> > > now. If you've changed its password, then I wouldn't worry about it right
> > > now.
> > > Since it sounds as if you are the only person that accesses this
> > > database, then you may want to change the username that owns your tables.
> > > Hopefully this username is not SYSTEM or SYS.
> > > After that, unless you know of other usernames someone might use to
> > > access your Oracle database, don't make any more security changes for
> > > awhile. Go back to trying to figure out why your data is changing without
> > > your changing it. It may well be there is an innocent reason that has
> > > nothing to do with someone else. I've had that happen to me when I've
> > > started using an unfamiliar system.
> > > And don't forget to buy a good Oracle DBA book like the one I suggested.
> > >
> > > Dennis Williams
> > > DBA, 80%OCP, 100% DBA
> > > Lifetouch, Inc.
> > > dwilliams_at_lifetouch.com
> > >
> > >
> > >
> > > -----Original Message-----
> > > Sent: Friday, July 11, 2003 3:49 PM
> > > To: Multiple recipients of list ORACLE-L
> > >
> > > Dennis:
> > >
> > > Thanks for your message. Now I have changed sys password by the following
> > > command:
> > > alter user sys identified by xxxxxxx
> > > But when I try to login from sql plus window by using sys, I cannot
> > > successfully login. Also I get an error message. The message is something like
> > > "connection to sys should be as sysdba or sysoper". So my question is what is sys for?
> > > Thank you very much!
> > >
> > > Don
> > >
> > > DENNIS WILLIAMS wrote:
> > >
> > > > Don
> > > > If only you can make updates to your Oracle database, then you must enter
> > > > all the data ;-)
> > > > From the tone of your posting, I'm going to assume that you are pretty
> > > > new to Oracle. You may want to get a good basic administration book like
> > > > Oracle9i DBA 101.
> > > >
> > > > http://www.amazon.com/exec/obidos/tg/detail/-/0072224746/qid=1057949734/sr=8-1/ref=sr_8_1/104-2287688-5574335?v=glance&s=books&n=507846
> > > > It is also a good idea to always mention your Oracle version and platform
> > > > (Unix, NT, etc.) in your posts.
> > > > First, log in with the SYSTEM username. Then change the password for SYSTEM
> > > > and SYS with the command:
> > > > ALTER USER SYSTEM IDENTIFIED BY xxxxx;
> > > > Where xxxxx is your new password.
> > > > You should be able to make these changes without affecting any end users.
> > > > Next you should identify your groups of users and how they access Oracle.
> > > > Basically you need to identify what their access requirements are and then
> > > > audit the usernames they use to ensure the privileges granted are just what
> > > > is required. This is also a good time to see about changing passwords, but
> > > > first buy the book and read up on the basics of Oracle security.
> > > >
> > > > Dennis Williams
> > > > DBA, 80%OCP, 100% DBA
> > > > Lifetouch, Inc.
> > > > dwilliams_at_lifetouch.com
> > > >
> > > > -----Original Message-----
> > > > Sent: Friday, July 11, 2003 2:45 PM
> > > > To: Multiple recipients of list ORACLE-L
> > > >
> > > > Hi,
> > > >
> > > > I have a security question about Oracle database. Recently I have taken
> > > > full control of an Oracle database in my department. Now I would like to
> > > > make sure that no other people except myself can update data in that
> > > > database. Can somebody tell me what the necessary steps are to do that?
> > > > Any comments are highly appreciated. Thanks!
> > > >
> > > > Don
> > > >
> > > > --
> > > > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > > > --
> > > > Author: Don Yu
> > > > INET: donyu_at_jhu.edu
> > > >
> > > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > > San Diego, California -- Mailing list and web hosting services
> > > > ---------------------------------------------------------------------
> > > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > > (or the name of mailing list you want to be removed from). You may
> > > > also send the HELP command for other information (like subscribing).
Received on Mon Jul 14 2003 - 14:52:50 CDT
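
An added example, not part of the original thread: one way to check the state the thread works toward, listing each account's lock status and then the grantees who could still unlock an account, connect with administrative privilege, or change the application's rows. It uses Oracle's standard dictionary views; APP_OWNER is a placeholder (an assumption) for the schema that owns the report tables.

```sql
-- Run as a DBA user in SQL*Plus.
-- APP_OWNER is a placeholder for the schema that owns the report tables.

-- 1. Every account and whether it is open, locked or expired.
SELECT username, account_status, lock_date
  FROM dba_users
 ORDER BY account_status, username;

-- 2. Grantees (users or roles) holding ALTER USER, the system privilege
--    that permits ALTER USER ... ACCOUNT UNLOCK and password resets.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'ALTER USER'
 ORDER BY grantee;

-- 3. Who has been granted the DBA role.
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'DBA'
 ORDER BY grantee;

-- 4. Accounts in the password file that may connect AS SYSDBA or AS SYSOPER.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users;

-- 5. Direct grants that allow changing rows in the application tables.
SELECT grantee, table_name, privilege
  FROM dba_tab_privs
 WHERE owner = 'APP_OWNER'
   AND privilege IN ('INSERT', 'UPDATE', 'DELETE')
 ORDER BY table_name, grantee;

-- 6. System privileges that allow changing tables in any schema.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE privilege IN ('INSERT ANY TABLE', 'UPDATE ANY TABLE', 'DELETE ANY TABLE')
 ORDER BY grantee;
```

These queries do not show operating-system accounts in the Oracle DBA group on the server, which by default can connect AS SYSDBA without the SYS password.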
