What's so secure about orapwd?

According to Certification Exam Guide -
"If the database administrator is planning to administer the database
for a remote location, then the question of whether or not a secure connection can be established with the host system running Oracle must be answered. If the DBA can in fact obtain a secure connection with the host system running Oracle, then the DBA can use either [Oracle authentication or OS authentication ]. If the DBA cannot obtain a secure connection remotely, then the DBA must use the Oracle method of user authentication".

The Oracle method of user authentication to my understanding means the use of a password file, containing users and passwords of privileged users, so that something like the following can be done ...

SQL> CONNECT john/mary AS SYSDBA;
Connection succeeded;
SQL> Now, if I don't have a secure connection - and I assume that means someone can sniff packets for what I am doing.... isn't the entry of
"mary" just as vulnerable as anything else? Anyone else can get
access to the box, through a telnet or whatever, and also connect john/mary as sysdba.. No??

What am I misinterpreting?

Thanks,
Dc. Received on Sat Jan 22 2000 - 18:06:22 CST