On Aug 17, 1:43 pm, adrian_ang <adrian_..._at_abv.bg> wrote:
> Hi all,
>
> I have a question about sqlnet.ora file security on a host running
> Linux. As far as I know the only way without additional
> options( Database Vault) to forbid connect as sysdba without password
> on the database host is to add an entry in $ORACLE_HOME/network/admin/
> sqlnet.ora. This works ok, but how to secure this file? If I'm able to
> secure this file, for example with the immutable file attribute, it's
> meaningless , because everyone who can log on can set TNS_ADMIN
> environment variable to point to somewhere else and create there a new
> sqlnet.ora file without the entry. Why Oracle made such a feature when
> it doesn't help at all?
> Is Database Vault the only option to forbid this access? Have you
> faced this problem , how did you resolved it?
>
> Thank You!
> Adrian Angelov
Please refer to a whitepaper called 'Project Lockdown' written by Arup
Nanda on http://otn.oracle.com
--
Sybrand Bakker
Senior Oracle DBA
Received on Fri Aug 17 2007 - 07:35:11 CDT
