Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: LRM-00109 and ORA-01078 while starting up database remot
Philip Chee wrote:
>
> >Could be that the person wanting to start the database doesn't have
> >access to an OS account with these privs, but does have the right Oracle
> >account level privs.
>
> If I can't trust somebody with an OS account on a server, I sure
> wouldn't give out an Oracle account with those privileges either.
That's your choice (and mine, usually, for what it's worth). But others may have different tolerences. Consider an SA for a company that sells classes teaching Oracle DBA tasks. She has a server that is running a dozen databases, one for each member of the class. She wants to allow the students to startup/shutdown their database for practice, but doesn't want them to have host-level access (that's her company's choice).
> >Could be that Telnet is prohibited but secured SqlNet is admissible
> >for security reasons.
>
> So run ssh. Security levels won't be compromised this way.
Everytime you open your server to another method/level of access, you compromise security. SSH, as nice a tool as it is, is not immune. Adding SSH access instead of adding telnet access is certainly the better choice for security, but in either case you're *adding* access, thereby compromising security.
> >Could be that you want a single location from which to execute such
> >commands withouth the hassle of telnetting to different machines
> >first (scripted backup maybe, who knows).
>
> With scripted stuff, it's trivial to script logins to remote servers
> via rsh (unsecure) or ssh (better security) so your claims of extra
> hassle are unwarranted.
You're saying it's possible to write an Expect script to startup databases on multiple hosts that's simpler than:
SQL> connect scott/tiger_at_database1 as sysdba SQL> startup pfile=initdatabase1.ora SQL> connect scott/tiger_at_database2 as sysdba SQL> startup pfile=initdatabase2.ora
??
> >But 9i and and spfile would probably help no matter what.
>
> Ok. Good point. Also I just remembered that the original poster
> had the DBMS on a Windows server, so telnet/ssh won't work.
> I concede.
Why won't it work? Try www.f-secure.com, they offer a nice ssh server for NT/2000, amongst others.
Regards,
Sean
Received on Sun Apr 14 2002 - 11:02:02 CDT