Re: Oracle and NT Password Sync programs?

From: I hate Spam <tbf_at_nospam.stam.dk>
Date: Fri, 26 Jan 2001 13:49:05 +0100
Message-ID: <07s27t4om0u36o2defnl71ql9moea83r01_at_4ax.com>

On Thu, 25 Jan 2001 06:19:29 +0100, "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote:

>Use externally identified users in Oracle and you don't have this problem.
>IMO, if you have both an O/S password and an Oracle password, they shouldn't
>be the same, or you would better use externally identified users. In this
>case when connecting to Oracle your users don't have to provide a password,
>which is identical to your procedure of using the same password.

Unfortunately externally identified users give a big security problem. You can with a few simple steps get access to Oracle if you know just the user name. There is a remedy for this in 8.1.6, provided you incorporate the authenticating domain in the user name, but that gives some ugly user names like 'MYDOMAIN$SCOTT'

Yours Hans Erik Busk
tbf_at_cn.stam.dk Received on Fri Jan 26 2001 - 13:49:05 CET

This message: [ Message body ]
Next message: Flash: "Oracle Enterprise Manager 2.2"
Previous message: Andrey Radchenko: "Re: Forms 6i issue"
Maybe in reply to: Don't Bother: "Oracle and NT Password Sync programs?"
In reply to Sybrand Bakker: "Re: Oracle and NT Password Sync programs?"
Next in thread: Patrick Ryan: "Re: Extracting data from LOB's using PL/SQL or PHP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message