yep... any account set up as "identified externally" should have its privileges scrutinized CAREFULLY and you should not grant any of the default roles, Connect, Resource and most especially NOT DBA.
--- "Deshpande, Kirti" <[EMAIL PROTECTED]> wrote: > We use REMOTE_OS_AUTHENT in many of our databases. I know we > shouldn't do > this, but we have to, and that's another topic... > > We also use a specific auth prefix. > > Now, can someone show me how a Windoze user, 'GOD' get in the > database when > I do not have a user, '<Auth_Prefix>GOD' in my database. > > I say, I have nothing to worry about this setup as long as 'GOD' user > in my > database is controlled appropriately via roles, grants, profile > etc.... > > Sure, if I had <auth_prefix>GOD in the database, I will be looking > for > another job.... > Right? > > - Kirti > > -----Original Message----- > Sent: Wednesday, January 30, 2002 4:45 PM > To: Multiple recipients of list ORACLE-L > > > "Smith, Ron L." wrote: > > > > Can you explain that? You have me scared now. > > > > Ron, > > Do not forget the postulate 'if you set remote_os_authent to > TRUE'. > This is not the default (although it has not always been, but it > dates > back to SQL*Net V1) > > > -----Original Message----- > > Sent: Wednesday, January 30, 2002 4:00 PM > > To: Multiple recipients of list ORACLE-L > > > > They can also set their username to 'SYSTEM'. > > > > Jared > > > > Rachel Carmichael <[EMAIL PROTECTED]> > > Sent by: [EMAIL PROTECTED] > > 01/30/02 11:25 AM > > Please respond to ORACLE-L > > > > > > To: Multiple recipients of list ORACLE-L > <[EMAIL PROTECTED]> > > cc: > > Subject: Re: OPS$ > > > > anyone can name their pc "oracle" and then connect in if you set > > "remote_os_authent" > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Deshpande, Kirti > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing > Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
