Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: internal accepts any password
On Mon, 15 Apr 2002 14:37:09 GMT, dsmcd <dsmcd_at_uswestmail.net> wrote:
>Hello...
>
>Using DBA Studio or SQLPlus Worksheet at the server, I can
>connect as internal using any password. Any combination of
>keystrokes will do. It's a rather disturbing thing to watch.
>Using the same tools on client stations requires the proper
>password.
>
>I've seen this behaviour on a newly created database (using
>Database Config Assistant) and on an existing database where I
>had changed the sys password (using alter user sys identified as
><newpassword>).
>
>Any suggestions? 817 on win2kserv
>
>Thx,
>D.
The idea behind this is: if you are able to crack the local NT administrator password, the database is not safe for you anyway. In short: unless you also want to type the password everytime you connect in emergency this is the way it works. Also please stop using internal, it was deprecated a long time ago, and in 9i it is gone.
Regards
Sybrand Bakker, Senior Oracle DBA
To reply remove -verwijderdit from my e-mail address Received on Mon Apr 15 2002 - 11:49:20 CDT