
Re: Database security

From: Adam Donahue <>
Date: Tue, 16 Mar 2004 14:47:53 -0800
Message-ID: <>


I thought the oracle user was allowed password-less access to Oracle as a result of being a member of the OSDBA group. Perhaps you can restrict or even remove that group.

(Of course, a user with root could simply erase the Oracle datafiles or perform other dangerous activities, but maybe that's beside the point.)

Adam wrote:

> List,
> Here in the midst of Sarbanes Oxley, I've been pondering methods
> that might be used to prevent a system administrator from connecting
> to any databases running on that box.
> I know that it is possible to set up Oracle on Windows so that without
> a password, you cannot log on to the database as sysdba.
> e.g. sqlplus "/ as sysdba" will require a password.
> The caveat to this is that the SA can simply:
> * stop the Oracle service
> * change the init.ora parm remote_login_passwordfile to 'none'
> * start up the database
> * create a dba account
> * shutdown the database
> * re-enable the password file
> * restart the database
> That won't get you SYSDBA, but it will get you DBA, which is probably enough
> for any nefarious activities.
> On *nix it is a bit different of course. Anyone with root can simply
> su to oracle.
> I have been perusing Pete Finnigan's "Oracle Security Step-by-Step" but have
> not yet found information pertaining to this particular topic, other than revoking
> privs from the DBA account. That action is not applicable here, as the team of
> DBAs consists of me by myself.
> And TIA Mladen, but I already know how it works on unix, and that MS is the
> dark side of the force, but is unfortunately what I have to live with.
> Jared

Received on Tue Mar 16 2004 - 16:44:18 CST
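
Added example, not part of either message: since the thread concludes that an administrator can change `remote_login_passwordfile` or rely on OSDBA group membership, one compensating control is to compare both against a recorded baseline on a schedule. The sketch below assumes a Unix host, the conventional OSDBA group name `dba`, a text init.ora in which the last setting of a parameter wins, and constructed sample data; the function names are hypothetical.

```python
import re

def pfile_param(text, name):
    """Effective value of `name` in init.ora text, or None if unset.
    Assumes 'name = value' lines, '#' comments, optional 'sid.' prefix."""
    value = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(?:[\w*]+\.)?(\w+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() == name.lower():
            value = m.group(2).strip(" '\"")   # later settings override earlier ones
    return value

def group_members(group_text, passwd_text, group):
    """Members of `group`: supplementary members from /etc/group plus users
    whose primary GID in /etc/passwd is that group's GID."""
    gid, members = None, set()
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[0] == group:
            gid = f[2]
            members.update(u for u in f[3].split(",") if u)
    for line in passwd_text.splitlines():
        f = line.strip().split(":")
        if gid is not None and len(f) >= 4 and f[3] == gid:
            members.add(f[0])
    return members

def audit(pfile_text, group_text, passwd_text, baseline, allowed, group="dba"):
    """Return findings where the host deviates from the recorded baseline."""
    findings = []
    value = (pfile_param(pfile_text, "remote_login_passwordfile") or "<unset>").upper()
    if value != baseline.upper():
        findings.append(f"remote_login_passwordfile is {value}, baseline is {baseline.upper()}")
    for user in sorted(group_members(group_text, passwd_text, group) - set(allowed)):
        findings.append(f"unexpected member of {group}: {user}")
    return findings

# Constructed sample inputs (not taken from any real system).
SAMPLE_PFILE = """# constructed init.ora
db_name = ORCL
remote_login_passwordfile = 'EXCLUSIVE'
*.REMOTE_LOGIN_PASSWORDFILE=none   # later line overrides the one above
"""
SAMPLE_GROUP = "root:x:0:\ndba:x:501:oracle,jsmith\n"
SAMPLE_PASSWD = ("oracle:x:500:501::/home/oracle:/bin/bash\n"
                 "backup:x:502:501::/home/backup:/bin/sh\n"
                 "jsmith:x:503:100::/home/jsmith:/bin/bash\n")

if __name__ == "__main__":
    for finding in audit(SAMPLE_PFILE, SAMPLE_GROUP, SAMPLE_PASSWD, "EXCLUSIVE", {"oracle"}):
        print(finding)
```

Because root can also edit the script or its baseline, the comparison is only meaningful if the output is shipped to a host the system administrator does not control.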
