Rachel Carmichael wrote:
>
> yep... any account set up as "identified externally" should have its
> privileges scrutinized CAREFULLY and you should not grant any of the
> default roles, Connect, Resource and most especially NOT DBA.
>

Rachel,

I assume that you mean 'when remote_os_authent is set to TRUE', in which case I fully agree with you. Otherwise, my position is:

a) Keep remote_os_authent to FALSE
b) Use an ops$oracle or similar account as DBA for maintenance tasks you regularly run through cron or similar - you will not have any hard-coded password anywhere
c) When people want to create database links to your database, create a SPECIFIC account for it, with minimal privileges
d) Educate your users
e) Educate your users
f) Educate your users

--
Regards,

Stephane Faroult
Oriole Ltd
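
An audit for the points raised in this thread, as an added example that is not part of the original messages: it reports the remote_os_authent setting and lists externally identified accounts with any Connect, Resource or DBA grant. It assumes Oracle 11g or later (for the AUTHENTICATION_TYPE column) and a session with SELECT access to the DBA_ views and V$PARAMETER.

```sql
-- Added example: audit of externally identified accounts (not from the thread).
-- Assumption: Oracle 11g or later, where DBA_USERS has AUTHENTICATION_TYPE.
-- On older releases, filter on u.password = 'EXTERNAL' instead.

-- 1. Confirm remote OS authentication is off and show the OS account prefix.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix');

-- 2. Externally identified accounts and any default role granted directly.
--    Rows with a NULL granted_role hold none of the three roles.
SELECT u.username,
       u.account_status,
       rp.granted_role,
       rp.admin_option
FROM   dba_users u
       LEFT JOIN dba_role_privs rp
              ON rp.grantee = u.username
             AND rp.granted_role IN ('CONNECT', 'RESOURCE', 'DBA')
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY CASE rp.granted_role
            WHEN 'DBA'      THEN 1
            WHEN 'RESOURCE' THEN 2
            WHEN 'CONNECT'  THEN 3
            ELSE 4
          END,
          u.username;

-- 3. System privileges granted directly to the same accounts, for review
--    against the "minimal privileges" rule.
SELECT sp.grantee,
       sp.privilege,
       sp.admin_option
FROM   dba_sys_privs sp
       JOIN dba_users u
         ON u.username = sp.grantee
WHERE  u.authentication_type = 'EXTERNAL'
ORDER  BY sp.grantee, sp.privilege;
```

Queries 2 and 3 show direct grants only; a role reached through another role does not appear and needs a separate walk of DBA_ROLE_PRIVS.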
