? security leak in Oracle7.1 on WindowsNT ?
Date: 1995/08/31
Message-ID: <4244e6$om6_at_fred.cas-ps.com>#1/1
I'm using Oracle7 Server Release 7.1.3.3.6 - Production Release on WindowsNT 3.5.1.
After adding the value DBA_AUTHORIZATION:REG_SZ:BYPASS
to the NT-registry-key /HKEY_LOCAL_MACHINE/SOFTWARE/ORACLE
sqldba allows me to 'connect internal' without password checking.
( Without the entry a password is required to connect internal )
The problem is, that AFAIK ANY(!?) user with permission to 'log on locally' can edit this part of the registry and so can 'grant' himself unlimited access to the database.
Do you consider this to be a security leak or do you know how to prevent a 'normal' user from manipulating this part of the registry? Is this behaviour a feature or a bug that will be fixed in coming releases?
( Interestingly, as I tried the same entry on
Oracle7 Workgroup Server Release 7.1.3.3.3 - Production Release
on WinNT3.5 it seemed to have no effect, the sqldba of this release
ignores the entry and still requires a password to connect internal. )
Thanks
-- _/_/_/ _/_/_/ _/ _/ // Reinhard Kuhn / It can be _/ _/ _/ _/ _/ // (kuhn_at_cas-ps.com) / done quickly, _/_/_/ _/_/_/ _/_/ // CAS GmbH / cheaply or well _/ _/ _/ _/ _/ // Lemberger Strasse 14 / - pick any two! _/ _/ _/_/_/ _/ _/ // 66955 Pirmasens, Germany /Received on Thu Aug 31 1995 - 00:00:00 CEST