Re: OPS$LOGIN : security hole?
Date: Thu, 17 Dec 1992 09:46:26 GMT
Message-ID: <1992Dec17.094626.3946_at_glas.rtsg.mot.com>
p228_at_uni05.larc.nasa.gov (Bailey Bob) writes:
>The only way the ops$ account works without a password is when you are
>directly logged into the host server at the OS level. If you connect to
>the host via SQL*Net, the RDBMS will require entry of the password.
Bob,
I am afraid that you are mistaken there. I have an Oracle 6.0.33 db
running on a Sun network with YP (or NIS) running. One the password
map is available to the host, the ops$login works without a password.
You do not have to be logged in to the host computer. In fact, at
this site, non-administrative users don't even have access to the
Oracle host.
sqlplus /_at_oracle_host
works for them all....
I am not sure what happens if the host is not running YP though....
Mark...
-- _ _ Mark McGloughlin | Ph: +353-21-357101 _/ \_/ \_ Motorola Ireland Ltd. | Fax: +353-21-357635 / \_/ \_/ \ Cellular Infrastructure Div | POST: Q10543_at_email.mot.com \_/ \_/ \_/ Blackrock, Cork, Ireland. | Inet: mcglough_at_glas.rtsg.mot.comReceived on Thu Dec 17 1992 - 10:46:26 CET