Mladen,
This is precisely the content I have gone into in depth in my upcoming book, where this practice of OPS$ accounts has been discussed.
The security hole in OPS$ accounts is a bit overrated. Changing the username in Windows XP alone does not allow logging in to the database directly if OPS$ accounts are used. What you are referring to is setting the ORA_DBA group in Windows. Here is an excerpt from the book:
"If OPS$ accounts must be used, make sure that init.ora parameter os_authent_prefix is set to OPS$ or some other value, not NULL. If it is null, as shown by an empty string "", the security is severely threatened. Anyone can create a userid called SYSTEM in the OS and then log on without a password as the Oracle user SYSTEM. If the os_authent_prefix is set to OPS$, then the corresponding user id in Oracle will be OPS$SYSTEM, not SYSTEM. They are different users."
As you might notice, OPS$ accounts are somehow insecure, and I personally eschew them; but let's face it, in some situations, like in the case AK mentioned, the use is required. What the DBAs can do is to take some precautions to ensure security.
HTH.
Arup
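
The os_authent_prefix check described in the excerpt above, written as an added audit example (not part of the original message or the book). The init.ora samples, the OS user list and all function names are constructed for illustration; the sketch assumes the last setting in the file wins and ignores any Windows domain prefix on OS user names.

```python
import re

DEFAULT_PREFIX = "OPS$"               # Oracle's default when the parameter is unset
BUILTIN_ACCOUNTS = {"SYS", "SYSTEM"}  # constructed shortlist for the collision check

# Matches "os_authent_prefix = value", with an optional "*." SID qualifier.
_PARAM = re.compile(r"^\s*(?:\*\.)?os_authent_prefix\s*=\s*(.*?)\s*$", re.IGNORECASE)

# Constructed sample parameter files.
WEAK_INIT_ORA = 'db_name = orcl\nos_authent_prefix = ""  # null prefix\n'
SAFE_INIT_ORA = "db_name = orcl\nOS_AUTHENT_PREFIX = 'ops$'\n"


def read_prefix(init_ora_text):
    """Return the effective os_authent_prefix found in init.ora text."""
    prefix = DEFAULT_PREFIX
    for line in init_ora_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = _PARAM.match(line)
        if not m:
            continue
        value = m.group(1)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]               # drop surrounding quotes
        prefix = value.upper()                # assumption: last setting wins
    return prefix


def oracle_name(os_user, prefix):
    """Oracle user name that an OS-authenticated login maps to."""
    return (prefix + os_user).upper()


def audit(init_ora_text, os_users):
    """Return (prefix, findings) for a parameter file and a list of OS users."""
    prefix = read_prefix(init_ora_text)
    findings = []
    if prefix == "":
        findings.append("os_authent_prefix is NULL: OS names map straight to Oracle names")
    for user in os_users:
        name = oracle_name(user, prefix)
        if name in BUILTIN_ACCOUNTS:
            findings.append(f"OS user {user!r} maps to built-in account {name}")
    return prefix, findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_INIT_ORA), ("safe", SAFE_INIT_ORA)):
        print(label, audit(text, ["system", "scott"]))
```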