According the Oracle Documentation, the password file security should be
managed by
operating system.
Michael Reeves wrote in message <6uefpl$koi_at_news9.noc.netcom.net>...
>I just had a question answered about changing the internal password on a
>database. We are using Oracle 8.0.5 on an NT box. To change the internal
>password, we simply renamed the current password file and created a new
>password file that reflects the new internal password. This then gives us
>internal control of the database with the new password.
>
>This brings up my next question, what is to prevent someone (with some
>knowledge of Oracle) that should not have access to the database, from
>deleting the password file, creating a new password file, and then getting
>internal control of the database.
>
>From a security viewpoint, how do you safeguard against this. Is it simply
>an operating system security control, or does oracle have some way to
secure
>against this method of gaining access to the database?
>
>Thanks for any comments
>Michael
>
>
Received on Sat Sep 26 1998 - 08:08:51 CDT
