| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: How to create an user "INTERNAL" in Oracle9i ???
"Brian Peasland" <dba_at_remove_spam.peasland.com> wrote in message
news:4057591A.3AA84184_at_remove_spam.peasland.com...
> > > You cannot create a user called INTERNAL in an Oracle 9i database. See
> > > the following:
> > >
> > > ORA9I SQL> create user internal identifed by abc123;
> > > create user internal identifed by abc123
> > > *
> > > ERROR at line 1:
> > > ORA-09275: CONNECT INTERNAL is not a valid DBA connection
> > >
> > may there is a command like:
> > create user bufferuser alias internal ide...
> > grant username ...
>
> Maybe there is a command like:
>
> CREATE USER superman IDENTIFIED BY loislane
> WITH server_root PRIVILEGES
> PLUS able_to_leap_tall_buildings+faster_than_a_speeding_bullet
> UNRESTRICTED IN ANY WAY IN ANY UNIVERSE;
>
> But it simply doesn't exist.
>
>
> > Is there any trick/way
> > one in this NG knows to create an user called INTERNAL ?
> > (it can not be done like creating any other user !
> > But may be if at installation .... or using secret flags ... ;-| ???)
>
> There is a parameter called BYPASS_ALL_SECURITY_MECHANISMS that you
> could set to TRUE. Just kidding.
>
> Seriously, it was a design flaw to code the application using CONNECT
> INTERNAL. Most likely, this was done because it made someone's life
> easier, rather than do it the proper way. The INTERNAL user was
> announced as being deprecated a very long time ago. This application
> should have been fixed a long time ago. Why can't you modify your
> application? Sorry to say, but if you can't modify the application, then
> it can't be used to connect to an Oracle 9i database. IMO, it is better
> to fix the broken design than to continue to use it in this manner.
>
>
> Cheers,
> Brian
Thanks Brian, I needed that!
On a serious note...I'm 100% for fixing the broken program somehow, someway - can you call in the prior programmer or company for some consulting work to fix it? Can you buy the old source code? I can't believe -any- app would've worked like that!
But if that's not possible- sqlnet traffic is just data over a TCP/IP port.
I wonder if some port programming could be done. Maybe you could hire
someone to listen to port 1521, and when "connect internal" comes up, have
the program change the "internal" to a different username. Of course if you
were using OAS (Oracle Advanced Security) with encryption, this solution
won't work. Don't even ask me how this would be done... but I'm sure it Can
be done. It'd probably also bog the server down because the program would
be checking every byte of data coming across port 1521. Try doing a google
search for something like
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=.net+porthandler
to get some ideas... Microsoft .NET has an HttpModule that intercepts port
80 traffic, maybe you can modify it for port 1521 traffic.
And here's one final solution. How often does this app use "connect internal"? Have you looked at the binaries for this program with a hex editor? Maybe you'll get lucky, and you'll see (in a hex editor) 49-4E-54-45-52-4E-41-4C ("INTERNAL") hanging around, and you could change it to another 8 character username (such as "dumbidea", maybe.) Then you could create the dumbidea account on the Oracle 9i database, with permissions similar to that of the Oracle 8i's internal account. Maybe you'd even want to LIMIT the access that the dumbidea account would have!
I hope those gave you some different ideas!
-Thomas Received on Thu Mar 18 2004 - 14:34:24 CST
 |
 |