Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> passwords
I just had a question answered about changing the internal password on a
database. We are using Oracle 8.0.5 on an NT box. To change the internal
password, we simply renamed the current password file and created a new
password file that reflects the new internal password. This then gives us
internal control of the database with the new password.
This brings up my next question, what is to prevent someone (with some knowledge of Oracle) that should not have access to the database, from deleting the password file, creating a new password file, and then getting internal control of the database.
From a security viewpoint, how do you safeguard against this. Is it simply an operating system security control, or does oracle have some way to secure against this method of gaining access to the database?
Thanks for any comments
Michael
Received on Thu Sep 24 1998 - 16:23:20 CDT