
Re: JDBC connection using externally identified user

From: Dan Norris <dannorris_at_dannorris.com>
Date: Fri, 26 Oct 2007 05:28:23 -0700 (PDT)
Message-ID: <499714.41435.qm@web35409.mail.mud.yahoo.com>


remote_os_authent=false should be a hidden parameter IMHO. When remote_os_authent=true, consider this scenario:

1. You set this parameter in your DB
2. I create a user on my desktop (or, if I lack privs on my desktop, install VMware Server, install a guest OS and create a user in that) that matches the OS-authenticated username in your DB
3. I can log in to your DB with that OS-authenticated user even though I'm not on your application server or DB server.

remote_os_authent should be banned forever. Even a non-hacker like me can figure out how to exploit it, so it must be easy!

So, it may work, but I suggest that you don't want it to work since the consequences may be great.

Dan

----- Original Message ----
From: Peter Hitchman <pjhoraclel_at_gmail.com>
To: oracle-l <oracle-l_at_freelists.org>
Sent: Friday, October 26, 2007 4:13:46 AM
Subject: Re: JDBC connection using externally identified user

Hi,
I hit the same issue and after I allowed the database to allow remote OS authentication this worked in 10.2.0.3:

    import java.sql.SQLException;
    import oracle.jdbc.pool.OracleDataSource;

    class testcon {
      public static void main(String args[]) throws SQLException {
        OracleDataSource ods = new OracleDataSource();
        String url = "jdbc:oracle:oci:@<YOUR_SID>";
        ods.setURL(url);
        // Empty user and password: the database trusts the client OS username
        ods.setUser("");
        ods.setPassword("");
        // . . .
      }
    }

Using the DriverManager it can look like this:

    // . .
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    // "/" in place of user/password requests OS authentication
    Connection conn = DriverManager.getConnection("jdbc:oracle:oci:/@<YOUR_SID>");
    // . .

Regards
Pete

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 26 2007 - 07:28:23 CDT
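
An audit for the exposure described in the message above, as an added example that is not part of the original thread. It assumes a 10.2 database (the release mentioned in the thread), where DBA_USERS.PASSWORD reads 'EXTERNAL' for accounts created IDENTIFIED EXTERNALLY, and a session with SELECT on V$PARAMETER, DBA_USERS and DBA_ROLE_PRIVS.

```sql
-- Added example, not from the original thread.

-- 1. Settings that govern OS authentication. REMOTE_OS_AUTHENT defaults to FALSE.
SELECT name, value, isdefault
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Every externally identified account, with whether a remote client's
--    self-reported OS username is currently enough to log in as it.
--    Assumption: 10.2 data dictionary. On releases that have the
--    AUTHENTICATION_TYPE column, filter on AUTHENTICATION_TYPE = 'EXTERNAL'.
SELECT u.username,
       u.account_status,
       CASE
         WHEN UPPER(p.value) = 'TRUE'
           THEN 'EXPOSED: remote client OS username is trusted'
         ELSE 'local OS authentication only'
       END AS remote_exposure
FROM   dba_users u
CROSS  JOIN (SELECT value
             FROM   v$parameter
             WHERE  name = 'remote_os_authent') p
WHERE  u.password = 'EXTERNAL'
ORDER  BY u.username;

-- 3. What those accounts can do, to size the impact of the setting.
SELECT r.grantee, r.granted_role, r.admin_option
FROM   dba_role_privs r
WHERE  r.grantee IN (SELECT username
                     FROM   dba_users
                     WHERE  password = 'EXTERNAL')
ORDER  BY r.grantee, r.granted_role;

-- 4. Turn the setting off. The parameter is static, so the change is
--    written to the spfile and takes effect at the next instance restart.
ALTER SYSTEM SET remote_os_authent = FALSE SCOPE = SPFILE;
```

After step 4, remote clients that relied on OS authentication need another way to authenticate, so check the accounts listed by query 2 before restarting.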
