Re: need better security with SQL*Net and ORASRV
Date: 2 Nov 92 13:56:23 GMT
Message-ID: <1992Nov2.135623.18274_at_cs.umb.edu>
In article <1992Oct31.121032.26479_at_cmutual.com.au> aaj_at_cmutual.com.au (Tony Jambu) writes:
>In article <1992Oct29.181750.1_at_bbs.mdcbbs.com>, you write:
>> I have a system running Oracle that has an ORASRV process running.
>> My users that have local accounts also have OPS$ accounts so they
>> can get automatic logins.
>>
>> My problem is with the ORASRV process running I cannot prevent (at
>> least so far) ANY user from ANY other system running Oracle from gaining
>> access to MY system's Oracle via SQL*Net. The ORASRV process allows
>> access to OPS$J user accounts on other systems if the username is the
>> same.
>
>For what you want to do, it is possible by starting up your orasrv using
> "orasrv opsoff"
>
>Access using OPS$user_account via SQL*Net is the least of your worries.
>You should be more concerned about remote access using remote SQLDBA
>
> SQLDBA> Connect internal
> or even
> SQLDBA> shutdown abort
>
>I won't go into details about how this is done, but to avoid this probable security
>breach, I suggest that you start up your orasrv using
>
> "orasrv opsoff dbaoff"
>
>Happy hacking
>
>
>
>--
> _____ ________ / ____ |Tony Jambu, Database Administrator
> /_ __ /_ __ / |Colonial Mutual Life Australia. (ACN 004021809)
> /(_)/ ((_/ \_/(///(/_)/_( |EMAIL: TJambu_at_cmutual.com.au
> \_______/ |PHONE: +61-3-6076448 FAX: +61-3-6076198
I understand that pre-2.0 SQL*Net has problems with security on some platforms.
I have experienced that myself on Oracle under Unix. I don't know how this
is worked out in SQL*Net 2.0. Hope they fixed it up.
Mark

Received on Mon Nov 02 1992 - 14:56:23 CET