(my question follows)
> -----Original Message-----
> From: Seefelt, Beth [mailto:[EMAIL PROTECTED]
>
> I disagree. Remote OS authentication is not inherently insecure in
> Windows like it is in Unix. If you prefix the account names with the
> domain name, a user would not only have to spoof the
> username, he would
> have to spoof the domain name too. At that point, you probably have
> bigger problems than access to your database. Also, in that
> situation,
> only the security token is going over the network, not your
> password in
> clear text. The caveat is that you should be using the
> *domain name* as the prefix, not OPS$.
I don't understand how to accomplish this in practice. I currently sign on to the
Windows Network for domain MYDOMAIN with userid JKILCHOE. By running the query
suggested by Mr. Nanda I see that Oracle thinks my username is jkilchoe:
SQL> select sys_context ('userenv', 'os_user') from dual
SYS_CONTEXT('USERENV','OS_USER')
---------------------------------------------------------
jkilchoe
If I set
os_authent_prefix = MYDOMAIN
and create an Oracle username MYDOMAINJKILCHOE
how does that stop someone else from creating a local user JKILCHOE on their machine,
signing on to their local machine as JKILCHOE, and then using SQL*Net to connect to
the database as MYDOMAINJKILCHOE ?
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Jacques Kilchoer
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
