
Re: Security issue in Oracle.

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: 2000/05/28
Message-ID: <959544041.7343.0.pluto.d4ee154e@news.demon.nl>#1/1

Answers embedded
<david_petit_at_yahoo.com> wrote in message 8gp311$9ip$1_at_nnrp1.deja.com...
> Hello all,
>
> I have a question related with security. I am using Oracle 8.0.6 in
> Solaris. I know that when a user has DBA group (in OS level), he can
> connect to Oracle by typing "connect internal" in svrmgrl (without
> typing password). Since my company has different teams for OS and Oracle
> database. I don't want the OS administrator can create a user and
> granted DBA to this user and login to Oracle later (by using svrmgrl
> or SQL*Plus). Is it possible to enable the password with "connect
> internal" in svrmgrl (and SQL*Plus) even if the OS user has DBA group?
>

No.
In fact, assuming the sysadmin has the root password, he can su to the oracle account, so he has sysdba privilege anyway. In short: trust him; if you don't trust him, fire him.

> I remember that in NT, the situation is different. I need to type the
> password with "connect internal" in svrmgrl. What can I do such that I
> don't need to type password with "connect internal" in svrmgrl?
>
>

Create the os_<SID>_dba|oper group, add that group to your NT account, and enable OS authentication at Oracle level by adding the line
sqlnet.authentication_services=(NTS)
to sqlnet.ora on the server.

> Thanks,
> David
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

Hth,

Sybrand Bakker, Oracle DBA

Received on Sun May 28 2000 - 00:00:00 CDT
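
An added example, not part of the original post: a DBA-side audit of which OS accounts fall under the passwordless "connect internal" path discussed above, either through the DBA OS group or, as the answer points out, through root. The group name "dba", the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the OS group is named "dba".
# Needs a POSIX awk (on Solaris: nawk or /usr/xpg4/bin/awk) for -v.

# dba_access GROUP GROUP_FILE PASSWD_FILE
# Prints sorted "user<TAB>reason" lines for every account that can reach
# "connect internal" without a password:
#   supplementary = listed in the group entry
#   primary       = the group is the account's primary GID
#   uid0          = root-equivalent, can su to any member
dba_access() {
    grp=$1 groupfile=$2 passwdfile=$3
    # GID of the group (field 3); stays empty if the group does not exist.
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$groupfile")
    {
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i] "\tsupplementary"
        }' "$groupfile"
        awk -F: -v gid="$gid" '
            gid != "" && $4 == gid { print $1 "\tprimary" }
            $3 == "0"              { print $1 "\tuid0" }
        ' "$passwdfile"
    } | LC_ALL=C sort -u
}

# Constructed sample files in /etc/group and /etc/passwd format.
write_sample() {
    cat > "$1/group" <<'EOF'
root::0:root
staff::10:
dba::101:oracle,jsmith
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
oracle:x:1001:101:constructed:/export/home/oracle:/bin/ksh
jsmith:x:1002:10:constructed:/export/home/jsmith:/bin/ksh
batch:x:1003:101:constructed:/export/home/batch:/bin/ksh
guest:x:1004:10:constructed:/export/home/guest:/bin/ksh
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
dba_access dba "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

The function reads flat files only; on a host that uses a name service, save the output of `getent group` and `getent passwd` to files and pass those instead.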
