Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Password management
Jerry Gitomer <jgitomer_at_erols.com> writes:
> On Sat, 25 Mar 2000, robertchung0909_at_my-deja.com wrote:
> >I would like to hear from other people how they manage their Oracle
> >schema passwords. My problem is the fact that I have to update all the
> >hard-coded passwords in all database scripts whenever passwords are
> >changed. We do not use Oracle's OS authentication feature because
> >neither NT nor UNIX are hecker proof (even though you can basically
> >assume Oracle is compromised when the hecker gets OS's super
> >user/administrator access).
> >
> >Basically, the goal is to change passwords periodically, and avoid hard-
> >coded passwords from database scripts that we have to update whenever
> >passwords are changed. Should we just use Oracle's OS authentication
> >feature? Any better idea? Thank you in advance.
> >
> >
> >
> >Sent via Deja.com http://www.deja.com/
> >Before you buy.
>
>
> Look into having the operating system authenticate your
> passwords. You will require a one time change to each of your Oracle
> instances for the Oracle user name you are using in your scripts, e.g. user
> ORACLE will become user OP$ORACLE
This approach will work, but should be used with care. Do not use it if users
have administrator privilege on NT or can become root on Unix. Otherwise,
users will be able to assume the identity of any user and then connect to
the DB as that user.
Rick
-- Thanks, Rick Rick Wessman Server Security Group Oracle Corporation rwessman_at_us.oracle.com The opinions expressed above are mine and do not necessarily reflect those of Oracle Corporation.Received on Sun Mar 26 2000 - 00:00:00 CST