Re: Oracle and NT Password Sync programs?
Date: Fri, 26 Jan 2001 13:49:05 +0100
Message-ID: <07s27t4om0u36o2defnl71ql9moea83r01_at_4ax.com>
On Thu, 25 Jan 2001 06:19:29 +0100, "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote:
>Use externally identified users in Oracle and you don't have this problem.
>IMO, if you have both an O/S password and an Oracle password, they shouldn't
>be the same, or you would better use externally identified users. In this
>case when connecting to Oracle your users don't have to provide a password,
>which is identical to your procedure of using the same password.
Unfortunately externally identified users give a big security problem. You can with a few simple steps get access to Oracle if you know just the user name. There is a remedy for this in 8.1.6, provided you incorporate the authenticating domain in the user name, but that gives some ugly user names like 'MYDOMAIN$SCOTT'
Yours Hans Erik Busk
tbf_at_cn.stam.dk
Received on Fri Jan 26 2001 - 13:49:05 CET