Re: SQL*NET/orasrv security problem
Date: Wed, 6 Apr 1994 15:00:23
Message-ID: <ks.45.000F01C3_at_ic.uva.nl>
In article <2nu6lp$ng7_at_hafro.is> gunnaro_at_hafro.is (Gunnar Orvarsson) writes:
>Hi.
>We are running Oracle/7 and SQL*NET's orasrv on a Unix server. We would
>like to be able to connect to our database as ops$<user> from other machines
>on our network without having to specify a password, that is we would like
>to be able to use connection commands like 'sqlplus /', given the correct
>value of the TWO_TASK environment variable. Setting REMOTE_OS_AUTHENT =
>true in the init<sid>.ora file, seems to makes this possible.
>This would be great, if we could allow connections from CERTAIN MACHINES
>MACHINES ONLY, i.e. those that are on our network or in our administrative
>domain. But unfortunantely, this doesn't seem to be the way orasrv works.
>Allowing this kind of access to workstations on our network seems to enable
>users with the same login name on ANY machine on the Internet to connect to
>our database.
>Does anyone know a way to make orsrv allow connections from certain machines
>only? Are there any ways at all to prevent logins from machines from the
>outside (and staying on the Internet)? Might there exist some public domain
>security packages to take care of this?
Regards,
Karel
| Karel Sprenger | Email: ks_at_ic.uva.nl | | Informatiseringscentrum | phone: +31-20-525 2302 | | Universiteit van Amsterdam | +31-20-525 2741 || Turfdraagsterpad 9, NL-1012 XT AMSTERDAM | fax : +31-20-525 2084 | | *** PGP Public Key available on request *** | home : +31-20-675 0989 | Received on Wed Apr 06 1994 - 15:00:23 CEST