Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Security question.
Shabble wrote:
> Oracle version embedded.
> Situation :- logged in to the UNIX account which owns Oracle, and opening
> Sqlplus with the sys account.
> Problem:- The sys account doesn't seem to care what password is used,
> anything seems to do!
> Question:- Why? Is this normal or is my system iffy?
>
> SQL*Plus: Release 9.2.0.4.0 - Production on Wed May 4 13:40:43 2005
>
> Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
>
> SP2-0640: Not connected
> SQL> connect sys/zzzxxx as sysdba
> Connected.
> SQL> exit
> Disconnected from Oracle9i Enterprise Edition Release 9.2.0.4.0 - 64bit
> Production
> With the Partitioning, Oracle Label Security, OLAP and Oracle Data Mining
> options
> JServer Release 9.2.0.4.0 - Production
>
> SQL*Plus: Release 9.2.0.4.0 - Production on Wed May 4 13:45:00 2005
>
> Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
>
> SP2-0640: Not connected
> SQL> connect sys/aaabbb as sysdba
> Connected.
> SQL> exit
> Disconnected from Oracle9i Enterprise Edition Release 9.2.0.4.0 - 64bit
> Production
> With the Partitioning, Oracle Label Security, OLAP and Oracle Data Mining
> options
> JServer Release 9.2.0.4.0 - Production
>
> regards,
> Shabble.
>
>
As root, you can:
poweroff -n -q
Your system doesn't complain, either.
You are logged on as *owner* of the software, and you tell oracle so, by using the 'as sysdba' clause. Oracle then only checks if you are the owner, if not - it'll trow an 1031.
If you use sys, without the 'as sysdba' (or 'sysoper'), you'll also get an error. Yes - Oracle stil is picky!
Oh - and it won't work remotely!
-- Regards, Frank van BortelReceived on Wed May 04 2005 - 08:08:52 CDT