Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: OPS$ on NT/2000

Re: OPS$ on NT/2000

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Thu, 29 Jul 2004 12:04:30 +0100
Message-ID: <w64A0eA+mNCBBxz2@peterfinnigan.demon.co.uk>


In article <DE182EBE02B3544ABEA8A96FCFE1D63FCD7F3E_at_sgofusr22.nac.ppg.com
>, Solomon, Saul M. <ssolomon_at_ppg.com> writes
>Make sure the ID you want to use is in the ORA_DBA group on the windows =
>box.
>If it's a domain account rather than local, go into the registry =
>HKLM/Software/Oracle/HomeX and add the string value =
>OSAUTH_PREFIX_DOMAIN=3DFALSE. This will stop the domain name part of the =
>account being passed to Oracle. Then add the account with the ops$ =
>prefix as normal.

Hi,

Don't make the user a member of ORA_DBA as it will then be able to inherit OSDBA privileges by connecting "as sysdba" which you probably don't intend and also if you are using a domain account set the registry entry to TRUE so that spoofing the account is harder to do.

Take a look at the two checklists on Oracle security on my site http://www.petefinnigan.com/orasec.htm which mention some security checks and recommendations where external accounts are used.

Kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to:  oracle-l-request_at_freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
Received on Thu Jul 29 2004 - 06:10:31 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US