Re: OPS$LOGIN : security hole?

From: Mark McGloughlin <mcglough_at_glas.rtsg.mot.com>
Date: Thu, 17 Dec 1992 09:46:26 GMT
Message-ID: <1992Dec17.094626.3946_at_glas.rtsg.mot.com>


p228_at_uni05.larc.nasa.gov (Bailey Bob) writes:

>The only way the ops$ account works without a password is when you are
>directly logged into the host server at the OS level. If you connect to
>the host via SQL*Net, the RDBMS will require entry of the password.

Bob,
I am afraid that you are mistaken there. I have an Oracle 6.0.33 db running on a Sun network with YP (or NIS) running. Once the password map is available to the host, the ops$login works without a password. You do not have to be logged in to the host computer. In fact, at this site, non-administrative users don't even have access to the Oracle host.

  sqlplus /@oracle_host

works for them all....

I am not sure what happens if the host is not running YP though....

Mark...

-- 
   _   _     Mark McGloughlin            | Ph:   +353-21-357101
 _/ \_/ \_   Motorola Ireland Ltd.       | Fax:  +353-21-357635        
/ \_/ \_/ \  Cellular Infrastructure Div | POST: Q10543_at_email.mot.com
\_/ \_/ \_/  Blackrock, Cork, Ireland.   | Inet: mcglough_at_glas.rtsg.mot.com
Received on Thu Dec 17 1992 - 10:46:26 CET
