Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> What's so secure about orapwd?
According to Certification Exam Guide -
"If the database administrator is planning to administer the database
for a remote location, then the question of whether or not a secure
connection can be established with the host system running Oracle must
be answered. If the DBA can in fact obtain a secure connection with
the host system running Oracle, then the DBA can use either [Oracle
authentication or OS authentication ]. If the DBA cannot obtain a
secure connection remotely, then the DBA must use the Oracle method of
user authentication".
The Oracle method of user authentication to my understanding means the use of a password file, containing users and passwords of privileged users, so that something like the following can be done ...
SQL> CONNECT john/mary AS SYSDBA;
Connection succeeded;
SQL>
Now, if I don't have a secure connection - and I assume that means
someone can sniff packets for what I am doing.... isn't the entry of
"mary" just as vulnerable as anything else? Anyone else can get
access to the box, through a telnet or whatever, and also connect
john/mary as sysdba.. No??
What am I misinterpreting?
Thanks,
Dc.
Received on Sat Jan 22 2000 - 18:06:22 CST