I understood that but the point is, unless the account has both DBA privileges AND is identified externally, the problem doesn't exist as such
--- Jared Still <[EMAIL PROTECTED]> wrote: > > The SYSTEM account was just an example, it could be any > account with DBA privileges. > > With current versions of Oracle I haven't found any 'backdoors' > such as the one that existed in Oracle 7.x, though I may keep > looking. > > Jared > > On Wednesday 30 January 2002 18:05, Rachel Carmichael wrote: > > okay if the prefix string is set to an empty string, then the "OS > > username" is the same name as that used to sign in to the client. > So > > if you have an empty prefix, and someone logs onto their PC as > "SYSTEM" > > then if they do sqlplus, they should be able to get into the system > > account. > > > > Except... system isn't set as "identified externally" they'd have > to > > enter the password right? Jared?????? > > > > but any Oracle account you create as "identified externally" > (meaning > > the OS does the password validation, Oracle presumes the security > is > > there) can log onto the database by setting the client login to > that > > name > > > > --- "Smith, Ron L." <[EMAIL PROTECTED]> wrote: > > > Can you explain that? You have me scared now. > > > > > > -----Original Message----- > > > Sent: Wednesday, January 30, 2002 4:00 PM > > > To: Multiple recipients of list ORACLE-L > > > > > > > > > They can also set their username to 'SYSTEM'. > > > > > > Jared > > > > > > > > > > > > > > > > > > Rachel Carmichael <[EMAIL PROTECTED]> > > > Sent by: [EMAIL PROTECTED] > > > 01/30/02 11:25 AM > > > Please respond to ORACLE-L > > > > > > > > > To: Multiple recipients of list ORACLE-L > > > <[EMAIL PROTECTED]> > > > cc: > > > Subject: Re: OPS$ > > > > > > > > > anyone can name their pc "oracle" and then connect in if you set > > > "remote_os_authent" > > > > > > --- "Smith, Ron L." <[EMAIL PROTECTED]> wrote: > > > > Does anyone have any information on security problems using the > > > > > > OPS$ > > > > > > > account? > > > > > > > > Ron > > > > -- > > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > > > -- > > > > Author: Smith, Ron L. > > > > INET: [EMAIL PROTECTED] > > > > > > > > Fat City Network Services -- (858) 538-5051 FAX: (858) > 538-5051 > > > > San Diego, California -- Public Internet access / > Mailing > > > > Lists > > > > > > > -------------------------------------------------------------------- > > > > > > > To REMOVE yourself from this mailing list, send an E-Mail > message > > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') > and in > > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > > (or the name of mailing list you want to be removed from). You > may > > > > also send the HELP command for other information (like > > > > > > subscribing). > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Great stuff seeking new owners in Yahoo! Auctions! > > > http://auctions.yahoo.com > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > > -- > > > Author: Rachel Carmichael > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- (858) 538-5051 FAX: (858) > 538-5051 > > > San Diego, California -- Public Internet access / Mailing > > > Lists > > > > -------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and > in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You > may > > > also send the HELP command for other information (like > subscribing). > > > > > > > > > > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > > -- > > > Author: > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- (858) 538-5051 FAX: (858) > 538-5051 > > > San Diego, California -- Public Internet access / Mailing > > > Lists > > > > -------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and > in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You > may > > > also send the HELP command for other information (like > subscribing). > > > -- > > > Please see the official ORACLE-L FAQ: http://www.orafaq.com > > > -- > > > Author: Smith, Ron L. > > > INET: [EMAIL PROTECTED] > > > > > > Fat City Network Services -- (858) 538-5051 FAX: (858) > 538-5051 > > > San Diego, California -- Public Internet access / Mailing > > > Lists > > > > -------------------------------------------------------------------- > > > To REMOVE yourself from this mailing list, send an E-Mail message > > > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and > in > > > the message BODY, include a line containing: UNSUB ORACLE-L > > > (or the name of mailing list you want to be removed from). You > may > > > also send the HELP command for other information (like > subscribing). > > > > __________________________________________________ > > Do You Yahoo!? > > Great stuff seeking new owners in Yahoo! Auctions! > > http://auctions.yahoo.com > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Jared Still > INET: [EMAIL PROTECTED] > > Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California -- Public Internet access / Mailing > Lists > -------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Rachel Carmichael INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
