Re: need better security with SQL*Net and ORASRV
Date: 3 Nov 92 04:10:14 GMT
Message-ID: <1992Nov3.041014.29016_at_cmutual.com.au>
In article <1992Nov2.135623.18274_at_cs.umb.edu>, pytlik_at_ra.cs.umb.edu (Marek Pytlik) writes:
> >>
> >> My problem is with the ORASRV process running I cannot prevent (at
> >> least so far) ANY user from ANY other system running Oracle from gaining
> >> access to MY system's Oracle via SQL*Net. The ORASRV process allows
> >> access to OPS$J user accounts on other system if the username is the
> >> same.
> >
> >For what you want to do, it is possible by starting up your orasrv using
> > "orasrv opsoff"
>
> so here your functionality of ops$login goes down the drain, and each user
> doing login into database has to type over and over password/username.
>
No, what this means is that you are unable to use OPS$login if you are coming across the network, i.e. using SQL*Net. You can still use OPS$login if you are running your program on the host machine (i.e. you are logged on to the host).
> >
> >Access using OPS$user_account via SQL*Net is the least of your worries.
>
> why do you think so?
As explained below.
>
> >You should be more concerned about remote access using remote SQLDBA
> >
> > SQLDBA> Connect internal
> > or even
> > SQLDBA> shutdown abort
> >
> >I won't go into details about how this is done but to avoid this probable security
> >breach, I suggest that you startup your orasrv using
> >
> > "orasrv opsoff dbaoff"
> >
>
> I understand that pre 2.0 sql net has problems with security on some platforms.
> I have experienced that myself on Oracle under Unix. I don't know how this
> is worked out in sqlnet 2.0. Hope they fixed it up.
>
With
 - orasrv DBAON and
 - you are using TWO_TASK and
 - you are on the host machine
you are still able to connect internal. This is disabled if you start up orasrv with DBAOFF. The message you will get is
 ORA-01031: insufficient privileges
To connect to the database, you will need to specify your name/password.
--
Tony Jambu, Database Administrator
Colonial Mutual Life Australia. (ACN 004021809)
EMAIL: TJambu_at_cmutual.com.au
PHONE: +61-3-6076448 FAX: +61-3-6076198

Received on Tue Nov 03 1992 - 05:10:14 CET