At one time you could set the 'ORACLE_USERNAME=SYSTEM' variable in your
oracle.ini
file, and log into any database as SYSTEM ( without a password ) as long
as REMOTE_OS_AUTHEN=true.
That was obviously some years ago, and I don't know if that is still
possible.
I would have hoped that such an obvious hole was plugged years ago. It
seems to
me that it was, but I don't recall details.
Jared
Jacques Kilchoer <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
03/06/2003 03:28 PM
Please respond to ORACLE-L
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
cc:
Subject: RE: remote / as sysdba
I forgot that you could do that. I never liked remote os authentication
(is it still possible to easily fool a client into thinking you're someone
else?), and I would like it even less if it allowed you to sign on as
SYSDBA without a password. The best security is still having different
passwords for everything, and if there are too many passwords to remember,
just write them down on a post-it note stuck to your monitor.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> You could logon that way if Oracle allowed it.
>
> sqlplus "/@dv03 as sysdba"
>
> two different linux boxes, same OS account name on both boxes.
>
> While the previous will result in an ORA-1997 ( sorry, you
> can't remotely
> logon as SYSDBA ), the following works just fine:
>
> sqlplus /@dv03
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
