| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: windows authentication
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
because of this :
Oracle provides an option to verify authentication of accounts =
IDENTIFIED EXTERNALLY at the client. The database is configured to do = this by setting the REMOTE_OS_AUTHENT parameter in the init.ora file. = This configuration is not secure since an attacker on the network can =connect to Oracle claiming to be any account IDENTIFIED EXTERNALLY. If = you enable this parameter and an attacker can identify a user that is = configured to use operating system authentication, the attacker will be = able to connect to the account without providing any authentication = credentials.
When an account is created, you choose to authenticate to the account = using a password managed by Oracle or by the operating system. If you = choose to rely on operating system authentication rather than Oracle = authentication, you create the account using the following syntax: create user [NEWUSER] identified externally
Relying on client-side authentication for Oracle is not secure since = client-side security can be easily circumvented.=20
<<RE: windows authentication>>=20
Received: from srv1.RDW.NL ([192.168.170.24]) by rdw04198.prdw.tld with Microsoft SMTPSVC(6.0.3790.0); Wed, 18 Feb 2004 10:54:53 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_003_01C3F605.41759480"
Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 2A4D4394B6F; Wed, 18 Feb 2004 04:52:44 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Received: with ECARTIS (v1.0.0; list oracle-l); Wed, 18 Feb 2004 04:52:43 -0500 (EST)
Content-class: urn:content-classes:message
Subject: RE: windows authentication
Date: Wed, 18 Feb 2004 10:51:00 +0100
Message-ID: <s03335a9.090_at_bristol21.bristol.ac>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: windows authentication
Thread-Index: AcP2BUIfKrCNdD+URkysiPLTeDmkcg==
From: "Niall Litchfield" <n-litchfield_at_audit-commission.gov.uk>
To: <oracle-l_at_freelists.org>
Reply-To: <oracle-l_at_freelists.org>
This is a multi-part message in MIME format.
------_=_NextPart_003_01C3F605.41759480
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Why do you say it is insecure?=3D20
Niall Litchfield
Oracle DBA
Audit Commission
+44 117 975 7805=3D20
> -----Original Message-----
> From: GKor_at_rdw.nl=3D20
> Sent: 18 February 2004 09:43
> To: GKor_at_rdw.nl; oracle-l_at_freelists.org
> Subject: windows authentication
>=3D20 >=3D20
>=3D20
>=3D20
>=3D20
>=3D20 >=3D20
>=3D20 >=3D20
>=3D20 >=3D20 >=3D20 >=3D20> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
-- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html ----------------------------------------------------------------- ------_=_NextPart_003_01C3F605.41759480 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 6.5.6944.0"> <TITLE>RE: windows authentication</TITLE> </HEAD> <BODY> <!-- Converted from text/plain format --> <P><FONT SIZE=3D2>Why do you say it is insecure?=3D20</FONT> </P> <P><FONT SIZE=3D2>Niall Litchfield</FONT> <BR><FONT SIZE=3D2>Oracle DBA</FONT> <BR><FONT SIZE=3D2>Audit Commission</FONT> <BR><FONT SIZE=3D2>+44 117 975 7805=3D20</FONT> </P> <P><FONT SIZE=3D2>> -----Original Message-----</FONT> <BR><FONT SIZE=3D2>> From: GKor_at_rdw.nl=3D20</FONT> <BR><FONT SIZE=3D2>> Sent: 18 February 2004 09:43</FONT> <BR><FONT SIZE=3D2>> To: GKor_at_rdw.nl; oracle-l_at_freelists.org</FONT> <BR><FONT SIZE=3D2>> Subject: windows authentication</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> hi all=3D20</FONT> <BR><FONT SIZE=3D2>> What is my alternative to the following = situation :</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> database users are configured externally = with=3D20</FONT> <BR><FONT SIZE=3D2>> remote_os_authent=3D3Dtrue , so that</FONT> <BR><FONT SIZE=3D2>> the db users connect with /@connectstring</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> This is not secure, i know. But what is a better = (more=3D20</FONT> <BR><FONT SIZE=3D2>> secure) solution</FONT> <BR><FONT SIZE=3D2>> without troubling about entering = passwords.</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> W2k with Oracle 8174</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> Thanks</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> vr.gr.</FONT> <BR><FONT SIZE=3D2>> G.g. Kor</FONT> <BR><FONT SIZE=3D2>> Sr. System Engineer I&DM Db</FONT> <BR><FONT SIZE=3D2>> RDW Voertuiginformatie en -toelating=3D20</FONT> <BR><FONT SIZE=3D2>> Ict Bedrijf</FONT> <BR><FONT SIZE=3D2>> Hollland</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>> = ----------------------------------------------------------------</FONT> <BR><FONT SIZE=3D2>> Please see the official ORACLE-L FAQ: <A = HREF=3D"http://www.orafaq.com">http://www.orafaq.com</A></FONT> <BR><FONT SIZE=3D2>> = ----------------------------------------------------------------</FONT> <BR><FONT SIZE=3D2>> To unsubscribe send email to: = oracle-l-request_at_freelists.org</FONT> <BR><FONT SIZE=3D2>> put 'unsubscribe' in the subject line.</FONT> <BR><FONT SIZE=3D2>> --</FONT> <BR><FONT SIZE=3D2>> Archives are at <A = HREF=3D"http://www.freelists.org/archives/oracle-l/">http://www.freelists= .org/archives/oracle-l/</A></FONT> <BR><FONT SIZE=3D2>> FAQ is at <A = HREF=3D"http://www.freelists.org/help/fom-serve/cache/1.html">http://www.= freelists.org/help/fom-serve/cache/1.html</A></FONT> <BR><FONT SIZE=3D2>> = -----------------------------------------------------------------</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> <BR><FONT SIZE=3D2>>=3D20</FONT> </P> <BR> <BR> <P><FONT = SIZE=3D2>****************************************************************= ******</FONT> <BR><FONT SIZE=3D2>This email contains information intended for</FONT> <BR><FONT SIZE=3D2>the addressee only. It may be = confidential</FONT> <BR><FONT SIZE=3D2>and may be the subject of legal and/or</FONT> <BR><FONT SIZE=3D2>professional privilege. Any = dissemination,</FONT> <BR><FONT SIZE=3D2>distribution, copyright or use of this</FONT> <BR><FONT SIZE=3D2>communication without prior permission of</FONT> <BR><FONT SIZE=3D2>the sender is strictly prohibited.</FONT> <BR><FONT = SIZE=3D2>****************************************************************= ******</FONT> </P> <P><FONT = SIZE=3D2>----------------------------------------------------------------= </FONT> <BR><FONT SIZE=3D2>Please see the official ORACLE-L FAQ: <A = HREF=3D"http://www.orafaq.com">http://www.orafaq.com</A></FONT> <BR><FONT = SIZE=3D2>----------------------------------------------------------------= </FONT> <BR><FONT SIZE=3D2>To unsubscribe send email to: = oracle-l-request_at_freelists.org</FONT> <BR><FONT SIZE=3D2>put 'unsubscribe' in the subject line.</FONT> <BR><FONT SIZE=3D2>--</FONT> <BR><FONT SIZE=3D2>Archives are at <A = HREF=3D"http://www.freelists.org/archives/oracle-l/">http://www.freelists= .org/archives/oracle-l/</A></FONT> <BR><FONT SIZE=3D2>FAQ is at <A = HREF=3D"http://www.freelists.org/help/fom-serve/cache/1.html">http://www.= freelists.org/help/fom-serve/cache/1.html</A></FONT> <BR><FONT = SIZE=3D2>----------------------------------------------------------------= -</FONT> </P> </BODY> </HTML> ------_=_NextPart_003_01C3F605.41759480-- ---------------------------------------------------------------- Please see the official ORACLE-L FAQ: http://www.orafaq.com ---------------------------------------------------------------- To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line. -- Archives are at http://www.freelists.org/archives/oracle-l/ FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html -----------------------------------------------------------------Received on Wed Feb 18 2004 - 04:10:55 CST
 |
 |