SQL*NET/orasrv security problem
Date: 6 Apr 1994 11:33:13 GMT
Message-ID: <2nu6lp$ng7_at_hafro.is>
Hi.
We are running Oracle/7 and SQL*NET's orasrv on a Unix server. We would like to be able to connect to our database as ops$<user> from other machines on our network without having to specify a password, that is we would like to be able to use connection commands like 'sqlplus /', given the correct value of the TWO_TASK environment variable. Setting REMOTE_OS_AUTHENT = true in the init<sid>.ora file, seems to makes this possible.
This would be great, if we could allow connections from CERTAIN MACHINES MACHINES ONLY, i.e. those that are on our network or in our administrative domain. But unfortunantely, this doesn't seem to be the way orasrv works. Allowing this kind of access to workstations on our network seems to enable users with the same login name on ANY machine on the Internet to connect to our database.
Does anyone know a way to make orsrv allow connections from certain machines only? Are there any ways at all to prevent logins from machines from the outside (and staying on the Internet)? Might there exist some public domain security packages to take care of this?
Best regards,
-- Gunnar Orvarsson Internet: gunnaro_at_hafro.is Hafrannsoknastofnunin/Fiskistofa Telephone: +354 1 697909 (Marine Research Inst./Directorate of Fisheries) Fax: +354 1 697991 Ingolfsstraeti 1, Reykjavik, Iceland Home phone: +354 1 813253Received on Wed Apr 06 1994 - 13:33:13 CEST