Re: multiple tnsnames.ora files

> This idea does have some merit. But the TNSNAMES file does not give any
> access to any database just on it's own. They need to authenticate to
> the database somehow (usually userid/password). Anyone only needs to
> know three pieces of code to correctly configure TNSNAMES (host, port,
> and sid: and port is usually either 1521 and/or 1526).
>
> It's the authentication routine that protects your system. I use a
> global file at my site (actually Oracle Names Server) and I don't fear
> anyone here breaking into any of our databases that they are not allowed
> access to since I don't publish userid/passwords.
>
> It is a risk, albeit a minor one. Now I wouldn't publish my TNSNAMES
> info on the WWW for *everyone* and their grandparents to see, but I
> don't have a problem listing this info in my company.

I agree that it does not give anyone access in an of itself. But what it does give is the SID and the host name or host IP address. That has been enough in the past for databases to be compromised as it pointed crackers to where the data was stored. So my advice is unchanged. This information is "need to know". If someone doesn't need to know ... then don't hand it to them. Or worse yet, to the person that gets their computer six months later when they leave the company and the computer is transferred to someone new in another department.

Daniel A. Morgan Received on Mon Mar 19 2001 - 23:18:32 CST