Bambi,
Do you ( or anyone else for that matter ) have an example of how
to setup remote_os_authent so that it is insecure?
With Sqlnet v1 and early v2 I think, all you had to do was set the
value of USER_ID in oracle.ini.
e.g. USER_ID = jkstill
where 'jkstill' is identified externally.
I have been able to setup an account on a remote database that
allows me to login via ' sqlplus "/@ifsdev" ', but only into an account
that matches my NT client login name.
If you know how to do this so that another account such as SYSTEM
could be logged into via a backdoor as in days of yore, I'd sure like
to see it. If for no other reason than just to make sure I never set up
a database/client to work that way. :)
Jared
"Bellows, Bambi" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/30/02 02:55 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: OPS$
Well, yes, the can set their name to SYSTEM, SYS, SCOTT, whatever, and so
long as your authentication demands an OPS$ or basically any other non
null
string of characters, who cares? OPS$SYSTEM is not going to wind up being
a
DBA... now, if OPS$STILL is a DBA, and someone sets their PC to STILL,
then
you've got a problem.
The long and short of it is that the OPS security is only as good as the
box
it is serving. If you're on any computer with C level security or higher,
there is nothing wrong with using OPS$ as you are using operating system
level security. So, if, for example, you are using VMS, MVS, CDC, Cray,
or
anything us old folks might have used 10 years ago, OPS$ is terrific. If
your operating system is making Bill Gates richer, you have no security to
speak of.
The question you want to ask yourself is how good is your front-end
security?
-----Original Message-----
Sent: Wednesday, January 30, 2002 4:26 PM
To: Multiple recipients of list ORACLE-L
Can you explain that? You have me scared now.
-----Original Message-----
Sent: Wednesday, January 30, 2002 4:00 PM
To: Multiple recipients of list ORACLE-L
They can also set their username to 'SYSTEM'.
Jared
Rachel Carmichael <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/30/02 11:25 AM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L
<[EMAIL PROTECTED]>
cc:
Subject: Re: OPS$
anyone can name their pc "oracle" and then connect in if you set
"remote_os_authent"
--- "Smith, Ron L." <[EMAIL PROTECTED]> wrote:
> Does anyone have any information on security problems using the OPS$
> account?
>
> Ron
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Smith, Ron L.
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
> San Diego, California -- Public Internet access / Mailing
> Lists
> --------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions!
http://auctions.yahoo.com
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Smith, Ron L.
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Bellows, Bambi
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
