Re: need better security with SQL*Net and ORASRV
Date: Tue, 3 Nov 1992 15:32:26 GMT
Message-ID: <RWESSMAN.92Nov3073226_at_prodhp.us.oracle.com>
In article <1992Nov3.041014.29016_at_cmutual.com.au> aaj_at_cmutual.com.au (Tony Jambu) writes:
Path: oracle!uunet!spool.mu.edu!olivea!sgigate!sgiblab!munnari.oz.au!yarrina.connect.com.au!cmutual.com.au!aaj
From: aaj_at_cmutual.com.au (Tony Jambu)
Newsgroups: comp.databases.oracle
Date: 3 Nov 92 04:10:14 GMT
Organization: Colonial Mutual Group
Lines: 66
> In article <1992Nov2.135623.18274_at_cs.umb.edu>, pytlik_at_ra.cs.umb.edu (Marek
> Pytlik) writes:
> With Oracle 7/SQL*Net V2, you have to connect to the database before your are
> allowed to carry out any DBA commands in SQLDBA eg startup or shutdown. This
> fix up a small security hole with the current version of SQL*Net.
That's right.
> You are not not allowed to connect internal thru' SQL*Net if you are not on the
> host machine no matter what your orasrv DBAON/DBAOFF setting is (V7/Net V2).
In the production version of ORACLE7, this will not be true. It will be
possible to connect remotely but only if the DBA allows it.
Rick Wessman rwessman_at_us.oracle.com -- Rick Wessman rwessman_at_us.oracle.comReceived on Tue Nov 03 1992 - 16:32:26 CET