| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Securing 'internal' from ROOT
"Mimmo Briganti" <mimmo_briganti_at_email.msn.com> writes:
> Sorry if this message was already posted, but I'm having problems with my
> news server ...
>
> Is there a way to get svrmgrl to prompt for a password on hp-ux systems like
> it does on NT when a 'connect internal' is issued?
>
> The company I work for is trying to secure the database from the following
> scenario:
>
> UNIX SA issues an su - oracle
> svrmgrl ... connect internal
> select * from hr.salaries ...
>
> The UNIX SA is unionized and they don't want him to see management salaries.
> Thanks in advance ...
>
> Mimmo Briganti
Interesting problem, at the least.
Try this: change config.c so that it specifies a group that oracle is not a member of. This will prevent the oracle user from connecting without a password. Create a password for the internal user using the orapwd utility.
Even if the root user su's as oracle, he will need a password to connect.
Of course, if the root user figures out how it works, he could put root in the group and this solution won't work.
--
Rick
Rick Wessman
Security and Directory Technologies
Server Technologies
Oracle Corporation
rwessman_at_us.oracle.com
Received on Thu Oct 01 1998 - 08:37:26 CDT
 |
 |