Re: same dba password for all instances : is it secure ?

Fleury Marcel wrote:
> Hello,
> We administrate about 60 Oracle Instances.
>
> SYS have his password for exemple syspwd, and SYSTEM also his password
> for exemple systempwd.
> But we use the same on all Oracle Instances.
>
> So if an someone knows a password, he can use it for all Instances.
>
> But it is difficult to ask the DBA to use a distinct password for each
> Instance.
>
> Suggestions to perform this security are welcome.
> Or advices to remember each password
>
> Thank you
>
> Marcel

You can carry security to its extreme, to the point where your system is nearly unusable. Over the years, passwords have been shown to be a rather "weak" protection scheme. Just type "oracle crack" in Google and you'll see one person's Oracle password cracker (for only US$4). You'll also see lots of warez or hacker sites (some in languages I can't read).

However, on the other side of the coin, I use different passwords on each of my databases (we have about 60 also). The passwords aren't radically different ... just coded to the database.

I don't do this because it's meant to thwart a hacker intrusion. Rather it's to keep me from making a "fumble-fingered" mistake. It's an extra mental "check" to verify to myself that I'm connecting to the correct database. It's probably a bad idea - I inherited it from the former DBA - but all our databases are named the same (RX). Having different passwords gives me that extra assurance that I've connected to the correct RX.

Just a thought. Received on Thu Oct 31 2002 - 11:40:51 CST