Re: Oracle 7.2 security

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 21 Jun 1999 08:47:28 -0400
Message-ID: <ud7yppvof.fsf_at_us.oracle.com>


It depends on the applications accessing the database. If the application is doing its own security, in other words, it validates the users' passwords and then connects to the database as a privileged user, then the answer is most likely "no" without rewriting the application.

However, if users are connecting directly to the database, then you can create each user identified externally, which means that the Oracle server will validate the client's identity by calling out to Unix. One caveat, though: this will only work securely if the user is connecting through the bequeath protocol adapter.

I'm confused, though, about this "invisible user." Is this user actually an Oracle application through which the users connect to the database? If so, then, a rewrite will be in order.

                                        Rick
                                        Rick Wessman
                                        Security and Directory Technologies
                                        Server Technologies
                                        Oracle Corporation
                                        rwessman_at_us.oracle.com

"voir e-mail" <adresse_at_wanadoo.fr> writes:

> A database Oracle v. 7.2 is installed on my system which is a Sun
> network ( O.S. Solaris )
> There is an "invisible" user who is set when Oracle launches itself (
> "set oracle user =... set oracle passwd = ... ). This user can
> access the entire database.
> I've built a security policy based on Unix rights, logins and passwords
> : each user has specific rights on the different data of the database.
> But if one of them can discover the login/password of the "invisible"
> user, my policy does not match !
> My question is : can I use the Oracle v 7.2 database only with my UNIX
> users ( and remove the oracle default user ), or can I protect (cypher)
> the login/password of this user ? Some Oracle tools or patch exist for
> this ?
> Thank you,
> _______ Gilles.Fourcaud_at_wanadoo.fr __________
>
Received on Mon Jun 21 1999 - 14:47:28 CEST
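
An added illustration of the externally identified account described in the reply above; it is not part of the original message. The Unix login gilles, the table app_owner.orders and the default OPS$ prefix are assumptions made for the example.

```sql
-- Run as a DBA. The names gilles and app_owner.orders are hypothetical.

-- 1. Check how the instance maps operating-system logins to accounts.
--    os_authent_prefix: string prepended to the Unix login (default OPS$).
--    remote_os_authent: should be FALSE. When TRUE the server accepts the
--    OS username reported by a network client, which the server cannot
--    verify; this is why OS authentication is only trustworthy for local
--    (bequeath) connections.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('os_authent_prefix', 'remote_os_authent');

-- 2. Create the account with no database password. Oracle accepts the
--    session only when the operating system reports the login "gilles".
CREATE USER ops$gilles IDENTIFIED EXTERNALLY;

-- 3. Grant only what this user needs, so nobody has to know or share
--    the credentials of a single all-powerful account.
GRANT CREATE SESSION TO ops$gilles;
GRANT SELECT ON app_owner.orders TO ops$gilles;

-- 4. List the accounts that rely on OS authentication. In data
--    dictionaries of this era the PASSWORD column reads EXTERNAL for them.
SELECT username
  FROM dba_users
 WHERE password = 'EXTERNAL';
```

Logged in to the database host as gilles, with no network connect string, running sqlplus / opens the session as OPS$GILLES without any password prompt.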
