Re: os authentication and graphics builder

From: I hate Spam <tbf_at_cn.stam.dk>
Date: Sun, 22 Jul 2001 06:55:01 GMT
Message-ID: <133ujt8hcvtjc78q2outods3vg7lgbqvik_at_4ax.com>

On Sat, 30 Jun 2001 13:55:13 GMT, "Bryan and Jennifer Wise" <bjwise96_at_hotmail.com> wrote:

>From graphics builder:
>username blank, passwork blank gives:
>ora-03121: no interface driver connected
>username /, password blank gives OG-01904 could not open the database store,
>but if I hit cancel then I'm connected and I can develop.

Not nice, but Ok - a work around for a developer.

>Running a form with a graphic attached:
>username blank, password blank gives ora-00000 and doesn't connect (that's
>my favorite)
>username / password blank gives pde-per0001 internal error(aaac44
>6401,,0,ora06401:...)
>followed by OG-01904 could not open the database store and does not connect.

Yes, I think that is completely useless.

>I using domain\username and our users only have NT domain account. I
>haven't heard about the security problems. I've just started playing with
>os authentication. Could you give me some more info, or some references?

I cite from the Installing, Migrating and upgrading manual from release 8.1.5. the section about enabling NT native authentication:

"For better security in a domain environment, we have changed the default for Oracle 8i so that external users created in the database are prefixed with domain name.
For example, for an NT user DOMAIN1\NTUSER1, the Oracle user created in the database should be DOMAIN1\NTUSER1. But you can set the registry value
OSAUTH_PREFIX_DOMAIN in HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOME_ID to FALSE if you do not want to prefix the domain name. Please note that it is less secure if you do not prefix the domain name."

If you don't include the domain part in the user name it is possible to connect to the database just by creating a local user on an NT-computer (does not even have to be a member of the domain) with the same name as one of your externally identified users. As that user name is authenticated by NT Oracle thinks it is Ok to log you on with the rights of that Oracle-username.

Yours Hans Erik Busk
tbf_at_cn.stam.dk Received on Sun Jul 22 2001 - 08:55:01 CEST

This message: [ Message body ]
Next message: Sybrand Bakker: "Re: os authentication and graphics builder"
In reply to Bryan and Jennifer Wise: "Re: os authentication and graphics builder"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message