Re: OPS$LOGIN :security hole?

From: Dale Cook <cdm_at_pmafire.inel.gov>
Date: Thu, 17 Dec 92 00:39:07 GMT
Message-ID: <1992Dec17.003907.26151_at_pmafire.inel.gov>


In article <1go861INN4hv_at_rave.larc.nasa.gov> p228_at_uni05.larc.nasa.gov (Bailey Bob) writes:
>In article <8aT=R#A_at_engin.umich.edu> lwk_at_engin.umich.edu (Lewis W Kellum) writes:
>>
>>Here's another question: If I know Mr.Schow's unix login id, and the internet
>>hostname of his Oracle server, what keeps me from creating his login id
>>on my host and connecting to his ops$ oracle account? - Woody Kellum
>
>The only way the ops$ account works without a password is when you are
>directly logged into the host server at the OS level. If you connect to
>the host via SQL*Net, the RDBMS will require entry of the password.

I beg to differ. I regularly use my ops$ account over our local net, and a password is NOT required.

In answer to the above question, the only way I know of is to not have your server connected to the internet. If you're worried about security, you don't want the world having a path to your door. Use a firewall system as a front to the internet. You may also need to have his user number, but I don't know for sure.



...Dale Cook "I don't much care how a man prays -- there's plenty of
                 room in hell for all of us."  --- "Mad Jack" Duncan
The opinions are mine only (i.e., they are NOT my employer's)
Received on Thu Dec 17 1992 - 01:39:07 CET
