Exploring Oracle November 2004 and REMOTE_OS_AUTHENT

Dear List,

If you have received the latest issue of Exploring Oracle, you may have seen the 'tip' in the 'Tip Corner' on page 5.

This 'tip' explains how you can avoid hardcoding passwords in scripts by setting REMOTE_OS_AUTHENT = TRUE, and creating an externally identified account.

This allows the account to login without a password from a machine other than the database server.

If you are not using some form of strong network authentication ( think Kerboros ) this is probably not a good idea. Any user on the network with administrative access to a PC could compromise this database without too much effort.

See www.cybcon.com/~jkstill/remote_os_authent_exploit.doc for an example.

If the server is a Windows machine, setting the parameter OSAUTH_PREFIX_DOMAIN=TRUE may make it somewhat more secure, but I haven't tried it.

-- 
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
--
http://www.freelists.org/webpage/oracle-l