Re: OPS$LOGIN : security hole?

From: Marek Pytlik <pytlik_at_ra.cs.umb.edu>
Date: 18 Dec 92 02:23:52 GMT
Message-ID: <1992Dec18.022352.3477_at_cs.umb.edu>


In article <1go861INN4hv_at_rave.larc.nasa.gov> p228_at_uni05.larc.nasa.gov (Bailey Bob) writes:
>In article <8aT=R#A_at_engin.umich.edu> lwk_at_engin.umich.edu (Lewis W Kellum) writes:
>>
>>Here's another question: If I know Mr.Schow's unix login id, and the internet
>>hostname of his Oracle server, what keeps me from creating his login id
>>on my host and connecting to his ops$ oracle account? - Woody Kellum
>
>The only way the ops$ account works without a password is when you are
>directly logged into the host server at the OS level. If you connect to
>the host via SQL*Net, the RDBMS will require entry of the password.
>
>Bob Bailey
That is not true in the case of Unix (client) to Unix (server). smith on the client can access smith's database account on the server.

Received on Fri Dec 18 1992 - 03:23:52 CET
