Re: ORACLE on the DEC Alpha AXP
Date: 15 Dec 92 14:42:20 GMT
Message-ID: <1992Dec15.144220.25349_at_relay.nswc.navy.mil>
Steve Schow writes:
>We routinely use the OPS$LOGIN feature of Oracle for all of our users. This
>way they don't have to worry about anything once they are logged onto the
>UNIX machine. They just type program / to run it with their UNIX login info.
>Question:
>When we create a new user as follows:
> grant connect to ops$user identified by bogus;
>and we actually use the word 'bogus' as the oracle password.
>Does this mean that user ops$user could login to Oracle with either
>the /, which would use his UNIX login info, or with 'bogus' as the
>password?
Yes, this is EXACTLY the case.
>Could a user go into sql*plus with any convienient name and type
>to get into that user's oracle account
Again, Yes.
>We routinely use bogus to define new oracle users, but I am concerned about
I would NOT suggest making the Oracle password the same as the system password.
In many systems the logon password should only be known by the individual
user. However, there's now need for *anyone* to have to know the ops$ password
for an individual user - he/she doesn't need to know it, and the DBA can
always reset it without the user even being aware that it has been reset.
So use something random, and different for each ops$ account. I like to pick
a 3 or 4 digit (or larger) number and then spell it out in words. Example:
two_thousand_three_hundred_eleven. *Nobody* including you will remember
>security loop holes. We also use a number of macintosh client products that
>use the ops$user with the UNIX password to login. I am beginning to think
>that we should make sure that the Oracle password is the same as the UNIX
>password and NOT use bogus for everyone?!_at_#%