Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: internal accepts any password

Re: internal accepts any password

From: Sybrand Bakker <postbus_at_sybrandb.demon.nl>
Date: Mon, 15 Apr 2002 18:49:20 +0200
Message-ID: <h01mbu4iaim3cdf2hlb7tu6op20qvvgkg9@4ax.com> 





On Mon, 15 Apr 2002 14:37:09 GMT, dsmcd <dsmcd_at_uswestmail.net> wrote:



>Hello...

>

>Using DBA Studio or SQLPlus Worksheet at the server, I can 

>connect as internal using any password. Any combination of 

>keystrokes will do. It's a rather disturbing thing to watch. 

>Using the same tools on client stations requires the proper 

>password.

>

>I've seen this behaviour on a newly created database (using 

>Database Config Assistant) and on an existing database where I 

>had changed the sys password (using alter user sys identified as 

><newpassword>).

>

>Any suggestions? 817 on win2kserv

>

>Thx,

>D.





The idea behind this is: if you are able to crack the local NT
administrator password, the database is not safe for you anyway.
In short: unless you also want to type the password everytime you
connect in emergency this is the way it works.
Also please stop using internal, it was deprecated a long time ago,
and in 9i  it is gone.



Regards



Sybrand Bakker, Senior Oracle DBA



To reply remove -verwijderdit from my e-mail address
Received on Mon Apr 15 2002 - 11:49:20 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US